Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
1.exe

Overview

General Information

Sample name:1.exe
Analysis ID:1587436
MD5:2d81de63f4b774466ab048f90f864b9c
SHA1:a006b3904baa7d67dfe4cfb401c12e35b8014844
SHA256:890953a43159346a909bf070cc7217121edece253d8df68960cd80e89b3e70a0
Tags:exeuser-zhuzhu0009
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
LummaC encrypted strings found
Machine Learning detection for sample
Sample uses string decryption to hide its real strings
AV process strings found (often used to terminate AV products)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • 1.exe (PID: 7728 cmdline: "C:\Users\user\Desktop\1.exe" MD5: 2D81DE63F4B774466AB048F90F864B9C)
    • WerFault.exe (PID: 7904 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7728 -s 612 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["dxkushha.com", "wordyfindy.lat"]}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.1595867373.00000000005D0000.00000040.00001000.00020000.00000000.sdmpWindows_Trojan_RedLineStealer_ed346e4cunknownunknown
  • 0x778:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmpWindows_Trojan_Smokeloader_3687686funknownunknown
  • 0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
decrypted.memstrJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

    Sigma Signatures

    No Sigma rule has matched

    Suricata Signatures

    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2025-01-10T11:35:09.768336+010020283713Unknown Traffic192.168.2.1049717104.102.49.254443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2025-01-10T11:35:09.039565+010020584801Domain Observed Used for C2 Detected192.168.2.10542681.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2025-01-10T11:35:08.994011+010020584841Domain Observed Used for C2 Detected192.168.2.10546991.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2025-01-10T11:35:08.960492+010020584921Domain Observed Used for C2 Detected192.168.2.10508061.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2025-01-10T11:35:08.971563+010020585001Domain Observed Used for C2 Detected192.168.2.10582591.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2025-01-10T11:35:08.950601+010020585021Domain Observed Used for C2 Detected192.168.2.10576571.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2025-01-10T11:35:08.982677+010020585101Domain Observed Used for C2 Detected192.168.2.10566731.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2025-01-10T11:35:09.005316+010020585121Domain Observed Used for C2 Detected192.168.2.10590721.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2025-01-10T11:35:08.938571+010020585141Domain Observed Used for C2 Detected192.168.2.10598861.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2025-01-10T11:35:10.483329+010028586661Domain Observed Used for C2 Detected192.168.2.1049717104.102.49.254443TCP

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Antivirus / Scanner detection for submitted sample
    Source: 1.exeAvira: detected
    Found malware configuration
    Source: 0.3.1.exe.680000.0.unpackMalware Configuration Extractor: LummaC {"C2 url": ["dxkushha.com", "wordyfindy.lat"]}
    Multi AV Scanner detection for submitted file
    Source: 1.exeReversingLabs: Detection: 65%
    Source: 1.exeVirustotal: Detection: 54%Perma Link
    AI detected suspicious sample
    Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.9% probability
    Machine Learning detection for sample
    Source: 1.exeJoe Sandbox ML: detected
    Sample uses string decryption to hide its real strings
    Source: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: bashfulacid.lat
    Source: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: tentabatte.lat
    Source: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: curverpluch.lat
    Source: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: talkynicer.lat
    Source: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: shapestickyr.lat
    Source: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: manyrestro.lat
    Source: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: slipperyloo.lat
    Source: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: wordyfindy.lat
    Source: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: dxkushha.com
    Source: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: lid=%s&j=%s&ver=4.0
    Source: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: TeslaBrowser/5.5
    Source: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Screen Resoluton:
    Source: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Physical Installed Memory:
    Source: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: Workgroup: -
    Source: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: HpOoIh--2a727a032c4d

    Compliance

    barindex
    Detected unpacking (overwrites its own PE header)
    Source: C:\Users\user\Desktop\1.exeUnpacked PE file: 0.2.1.exe.400000.0.unpack
    Source: 1.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: C:\Users\user\Desktop\1.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.10:49717 version: TLS 1.2
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov ecx, eax0_2_0043C59C
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then movzx ebx, byte ptr [esp+eax+273D8908h]0_2_0043EEC0
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then cmp dword ptr [edi+ebp*8], 40C3E6E8h0_2_0043EEC0
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then movzx ebx, byte ptr [esp+eax+273D8908h]0_2_0043F040
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then cmp dword ptr [edi+ebp*8], 38B2B0F7h0_2_0043F040
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov byte ptr [esi], cl0_2_0042B078
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh0_2_0043A800
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 06702B10h0_2_0043A800
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh0_2_0043A800
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov ecx, eax0_2_0043A800
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then movzx edx, byte ptr [ebx+eax]0_2_0043B813
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], AD68FE34h0_2_0043E8D0
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then push esi0_2_004210F3
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov edx, eax0_2_00418095
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx-6E7BF537h]0_2_0042C894
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov ecx, eax0_2_004290B0
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx-23ABFE5Bh]0_2_004290B0
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then jmp edx0_2_0043D140
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov ecx, eax0_2_0041D172
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx-6E7BF537h]0_2_0042C9DA
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx-6E7BF537h]0_2_0042C9E9
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx-6E7BF537h]0_2_0042C984
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov ecx, eax0_2_0041D189
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx+795224EFh]0_2_004259B0
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov word ptr [edx], cx0_2_00414A50
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov eax, ecx0_2_00414A50
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov ebp, dword ptr [esp+20h]0_2_00414A50
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h0_2_00414A50
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h0_2_00414A50
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov esi, edx0_2_0041720B
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+65F916CFh]0_2_0041720B
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then and esi, 80000000h0_2_00408A20
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+795224B5h]0_2_00426230
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov word ptr [edx], cx0_2_004192C0
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then movzx esi, byte ptr [esp+eax-15B7625Fh]0_2_00428290
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then movzx edi, byte ptr [esp+eax+273D8904h]0_2_0043DAA0
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then movzx esi, byte ptr [esp+eax+418B67A0h]0_2_0040D35C
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then cmp dword ptr [ebp+edi*8+00h], 9164D103h0_2_0043DBB0
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]0_2_00407440
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then movzx ecx, word ptr [ebp+edi*4+00h]0_2_00407440
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then cmp word ptr [edi+eax], 0000h0_2_0041CC60
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then movzx ecx, byte ptr [edi+eax]0_2_0043B46A
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov dword ptr [ebp-00000248h], E7E6E5E6h0_2_0043BC14
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov ecx, eax0_2_0043BC14
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov esi, eax0_2_00416D52
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov edi, ecx0_2_0041D560
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then movzx ecx, byte ptr [esp+ebp]0_2_00437D00
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov word ptr [ebx], cx0_2_0041AD81
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]0_2_00429DA0
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov edx, ecx0_2_0040EDB4
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov edx, eax0_2_0040EDB4
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov edi, dword ptr [esp+54h]0_2_00428640
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov edx, eax0_2_0043BCDB
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then movzx esi, word ptr [ecx]0_2_004146C0
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov byte ptr [ecx], al0_2_004266C0
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then jmp edx0_2_004226D3
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov ecx, eax0_2_0042BF45
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then jmp eax0_2_00423FF1
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov edi, dword ptr [esp+30h]0_2_00423FF1
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then cmp dword ptr [esi+ebx*8], 4B1BF3DAh0_2_00437790
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then push dword ptr [esp+04h]0_2_00437790
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]0_2_0065A007
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov edx, ecx0_2_0063F01B
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov edx, eax0_2_0063F01B
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov edx, eax0_2_0066BF42
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx+795224EFh]0_2_00655E4F
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx+795224EFh]0_2_00656155
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then movzx ebx, byte ptr [esp+eax+273D8908h]0_2_0066F127
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then cmp dword ptr [edi+ebp*8], 40C3E6E8h0_2_0066F127
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then jmp eax0_2_0065512E
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov ecx, eax0_2_0065C1AC
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then jmp edx0_2_00653277
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov byte ptr [esi], cl0_2_0065B2DF
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then movzx ebx, byte ptr [esp+eax+273D8908h]0_2_0066F2A7
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then cmp dword ptr [edi+ebp*8], 38B2B0F7h0_2_0066F2A7
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov eax, ecx0_2_0064536D
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then push esi0_2_0065135A
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov ecx, eax0_2_00659317
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx-23ABFE5Bh]0_2_00659317
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov ecx, eax0_2_0064D3FF
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then jmp edx0_2_0066D3C4
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov edx, eax0_2_006483BE
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov esi, edx0_2_00647472
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov ebp, dword ptr [esp+20h]0_2_00645407
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then movzx esi, byte ptr [esp+eax-15B7625Fh]0_2_006584F7
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov eax, ebx0_2_006464A8
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+795224B5h]0_2_00656497
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then movzx esi, byte ptr [esp+eax+418B67A0h]0_2_0063D5C3
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h0_2_006456CC
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h0_2_006456CC
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then movzx ecx, byte ptr [edi+eax]0_2_0066B6D1
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]0_2_006376A7
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then movzx ecx, word ptr [ebp+edi*4+00h]0_2_006376A7
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov word ptr [edx], cx0_2_006496BE
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov ecx, eax0_2_0066C7FC
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov edi, ecx0_2_0064D7C7
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then cmp al, 20h0_2_006328EE
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+65F916CFh]0_2_006478F9
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov edi, dword ptr [esp+54h]0_2_006588A7
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then movzx esi, word ptr [ecx]0_2_00644927
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then cmp dword ptr [esi+ebx*8], 4B1BF3DAh0_2_006679F7
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then push dword ptr [esp+04h]0_2_006679F7
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then movzx edx, byte ptr [ebx+eax]0_2_0066BA7A
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx-6E7BF537h]0_2_0065CAFB
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], AD68FE34h0_2_0066EB37
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx-6E7BF537h]0_2_0065CBEB
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx-6E7BF537h]0_2_0065CC41
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx-6E7BF537h]0_2_0065CC50
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov word ptr [edx], cx0_2_00644CB7
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then movzx eax, byte ptr [esp+04h]0_2_00647CBD
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then and esi, 80000000h0_2_00638C87
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then movzx edi, byte ptr [esp+eax+273D8904h]0_2_0066DD07
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov dword ptr [ebp-00000248h], E7E6E5E6h0_2_0066BE7B
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov ecx, eax0_2_0066BE7B
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov edi, dword ptr [esp+30h]0_2_00654E37
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then cmp dword ptr [ebp+edi*8+00h], 9164D103h0_2_0066DE17
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then cmp word ptr [edi+eax], 0000h0_2_0064CEC7
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov byte ptr [ecx], al0_2_00656ED0
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov esi, eax0_2_00646E87
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then movzx ecx, byte ptr [esp+ebp]0_2_00667F67
    Source: C:\Users\user\Desktop\1.exeCode function: 4x nop then mov word ptr [ebx], cx0_2_0064AFE8

    Networking

    barindex
    Suricata IDS alerts for network traffic
    Source: Network trafficSuricata IDS: 2058514 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wordyfindy .lat) : 192.168.2.10:59886 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2058502 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (slipperyloo .lat) : 192.168.2.10:57657 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2058510 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (talkynicer .lat) : 192.168.2.10:56673 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2058480 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bashfulacid .lat) : 192.168.2.10:54268 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2058512 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tentabatte .lat) : 192.168.2.10:59072 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2058484 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (curverpluch .lat) : 192.168.2.10:54699 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2058500 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shapestickyr .lat) : 192.168.2.10:58259 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2058492 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (manyrestro .lat) : 192.168.2.10:50806 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.10:49717 -> 104.102.49.254:443
    C2 URLs / IPs found in malware configuration
    Source: Malware configuration extractorURLs: dxkushha.com
    Source: Malware configuration extractorURLs: wordyfindy.lat
    Source: Joe Sandbox ViewIP Address: 104.102.49.254 104.102.49.254
    Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
    Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49717 -> 104.102.49.254:443
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: 1.exe, 00000000.00000003.1326607333.00000000007AD000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ h equals www.youtube.com (Youtube)
    Source: 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ttps://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ttps://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=595ccf85d8f9c06be4c18019; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type25665Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveFri, 10 Jan 2025 10:35:10 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
    Source: 1.exe, 00000000.00000003.1326607333.00000000007AD000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: }Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ h equals www.youtube.com (Youtube)
    Source: global trafficDNS traffic detected: DNS query: dxkushha.com
    Source: global trafficDNS traffic detected: DNS query: wordyfindy.lat
    Source: global trafficDNS traffic detected: DNS query: slipperyloo.lat
    Source: global trafficDNS traffic detected: DNS query: manyrestro.lat
    Source: global trafficDNS traffic detected: DNS query: shapestickyr.lat
    Source: global trafficDNS traffic detected: DNS query: talkynicer.lat
    Source: global trafficDNS traffic detected: DNS query: curverpluch.lat
    Source: global trafficDNS traffic detected: DNS query: tentabatte.lat
    Source: global trafficDNS traffic detected: DNS query: bashfulacid.lat
    Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
    Source: 1.exe, 00000000.00000003.1326642957.00000000007DD000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596014303.000000000074A000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596014303.000000000074A000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596014303.000000000074A000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
    Source: Amcache.hve.4.drString found in binary or memory: http://upx.sf.net
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
    Source: 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
    Source: 1.exe, 00000000.00000003.1326642957.00000000007DD000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
    Source: 1.exe, 00000000.00000003.1326642957.00000000007DD000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
    Source: 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
    Source: 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596014303.000000000074A000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=SCXpgixTDzt4&a
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/fatalerror.css?v=OFUqlcDNiD6y&l=engli
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596014303.000000000074A000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596014303.000000000074A000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596014303.000000000074A000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=M_FULq_A
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596014303.000000000074A000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=aep8
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=Eq36AUaEgab8&l=en
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
    Source: 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
    Source: 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
    Source: 1.exe, 00000000.00000003.1326642957.00000000007DD000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
    Source: 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
    Source: 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
    Source: 1.exe, 00000000.00000003.1326642957.00000000007DD000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
    Source: 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
    Source: 1.exe, 00000000.00000003.1326642957.00000000007DD000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
    Source: 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
    Source: 1.exe, 00000000.00000003.1326642957.00000000007DD000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
    Source: 1.exe, 00000000.00000003.1326642957.00000000007DD000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
    Source: 1.exe, 00000000.00000003.1326642957.00000000007DD000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
    Source: 1.exe, 00000000.00000003.1326642957.00000000007DD000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596014303.000000000074A000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com
    Source: 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596014303.000000000074A000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
    Source: 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
    Source: 1.exe, 00000000.00000003.1326607333.00000000007AD000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/lstu
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
    Source: 1.exe, 00000000.00000002.1596086486.0000000000775000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326685663.0000000000775000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596086486.000000000075D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
    Source: 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
    Source: 1.exe, 00000000.00000003.1326607333.00000000007AD000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326685663.00000000007AD000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
    Source: 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb
    Source: 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596014303.000000000074A000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
    Source: 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
    Source: 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
    Source: 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
    Source: 1.exe, 00000000.00000003.1326642957.00000000007DD000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
    Source: 1.exe, 00000000.00000003.1326642957.00000000007DD000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
    Source: 1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326685663.0000000000757000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
    Source: 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
    Source: 1.exe, 00000000.00000003.1326642957.00000000007DD000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
    Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.10:49717 version: TLS 1.2
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00431B10 OpenClipboard,GetClipboardData,GlobalLock,GetWindowLongW,GlobalUnlock,CloseClipboard,0_2_00431B10
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00431B10 OpenClipboard,GetClipboardData,GlobalLock,GetWindowLongW,GlobalUnlock,CloseClipboard,0_2_00431B10
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00431D10 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,0_2_00431D10

    System Summary

    barindex
    Malicious sample detected (through community Yara rule)
    Source: 00000000.00000002.1595867373.00000000005D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
    Source: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0040B14F0_2_0040B14F
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_004087200_2_00408720
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0041D8400_2_0041D840
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0041A8000_2_0041A800
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0043A8000_2_0043A800
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0043B8130_2_0043B813
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_004198200_2_00419820
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0041683F0_2_0041683F
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0043483C0_2_0043483C
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_004220C00_2_004220C0
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_004380C50_2_004380C5
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_004460D50_2_004460D5
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0043A0D00_2_0043A0D0
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_004230E00_2_004230E0
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_004270F90_2_004270F9
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_004180950_2_00418095
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0042C8940_2_0042C894
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_004368A00_2_004368A0
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0043D1400_2_0043D140
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_004039600_2_00403960
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_004059700_2_00405970
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0040C97C0_2_0040C97C
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_004351350_2_00435135
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_004061D00_2_004061D0
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0042C9DA0_2_0042C9DA
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0042C9E90_2_0042C9E9
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0043E1F00_2_0043E1F0
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0042C9840_2_0042C984
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_004259B00_2_004259B0
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00427A400_2_00427A40
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0043D2400_2_0043D240
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00414A500_2_00414A50
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0041C2050_2_0041C205
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0041720B0_2_0041720B
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00408A200_2_00408A20
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0041E2300_2_0041E230
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_004262300_2_00426230
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0041AAE00_2_0041AAE0
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0042C2890_2_0042C289
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_004092900_2_00409290
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00411A940_2_00411A94
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0040F2A00_2_0040F2A0
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0040D35C0_2_0040D35C
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00417B750_2_00417B75
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_004043100_2_00404310
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00431B100_2_00431B10
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0040AB200_2_0040AB20
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0043D3200_2_0043D320
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00436BF00_2_00436BF0
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0042A3B00_2_0042A3B0
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0043D3B00_2_0043D3B0
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0043DBB00_2_0043DBB0
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_004074400_2_00407440
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00428C460_2_00428C46
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00404C500_2_00404C50
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0041DC500_2_0041DC50
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0043D4500_2_0043D450
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00423C600_2_00423C60
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0040E4650_2_0040E465
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_004164E00_2_004164E0
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_004374F00_2_004374F0
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0043E5400_2_0043E540
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_004215500_2_00421550
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0041D5600_2_0041D560
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00421D100_2_00421D10
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0043A5100_2_0043A510
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00427D940_2_00427D94
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_004156400_2_00415640
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_004256400_2_00425640
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_004066600_2_00406660
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_004196050_2_00419605
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00405E300_2_00405E30
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_004266C00_2_004266C0
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0042FEC00_2_0042FEC0
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_004226D30_2_004226D3
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00437EA00_2_00437EA0
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0043DEB00_2_0043DEB0
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00402F400_2_00402F40
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0042BF450_2_0042BF45
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00410F710_2_00410F71
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0041F7000_2_0041F700
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_004097100_2_00409710
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0041DFC00_2_0041DFC0
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0042DFC30_2_0042DFC3
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00435FF00_2_00435FF0
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00423FF10_2_00423FF1
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_004377900_2_00437790
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_006360970_2_00636097
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_006601270_2_00660127
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_006681070_2_00668107
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0066E1170_2_0066E117
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_006411D80_2_006411D8
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0065C1AC0_2_0065C1AC
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_006662570_2_00666257
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0064E2270_2_0064E227
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0065E22A0_2_0065E22A
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_006523270_2_00652327
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0066A3370_2_0066A337
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0066539C0_2_0066539C
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0064C4670_2_0064C467
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_006474720_2_00647472
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0066E4570_2_0066E457
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_006364370_2_00636437
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_006394F70_2_006394F7
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0065C4F00_2_0065C4F0
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_006564970_2_00656497
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0064E4970_2_0064E497
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_006345770_2_00634577
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0063F5070_2_0063F507
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0063D5C30_2_0063D5C3
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0065A6170_2_0065A617
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0063E6CC0_2_0063E6CC
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_006376A70_2_006376A7
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0066A7770_2_0066A777
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0064D7C70_2_0064D7C7
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0066E7A70_2_0066E7A7
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_006517B70_2_006517B7
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_006487830_2_00648783
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_006368C70_2_006368C7
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_006558A70_2_006558A7
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0064F9670_2_0064F967
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_006399770_2_00639977
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_006679F70_2_006679F7
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_006479BF0_2_006479BF
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_006389870_2_00638987
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0064AA670_2_0064AA67
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0066BA7A0_2_0066BA7A
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0065CAFB0_2_0065CAFB
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00646AA60_2_00646AA6
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0064DAA70_2_0064DAA7
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00664AA30_2_00664AA3
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00649A870_2_00649A87
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00666B070_2_00666B07
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0063CBE30_2_0063CBE3
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0065CBEB0_2_0065CBEB
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00633BC70_2_00633BC7
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00635BD70_2_00635BD7
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0065CC410_2_0065CC41
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0065CC500_2_0065CC50
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00648C5A0_2_00648C5A
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00641CFB0_2_00641CFB
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00638C870_2_00638C87
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00661D770_2_00661D77
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0064AD470_2_0064AD47
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0063AD870_2_0063AD87
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00666E570_2_00666E57
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0066DE170_2_0066DE17
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0064DEB70_2_0064DEB7
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00634EB70_2_00634EB7
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00651F770_2_00651F77
    Source: C:\Users\user\Desktop\1.exeCode function: String function: 00407FF0 appears 45 times
    Source: C:\Users\user\Desktop\1.exeCode function: String function: 00638257 appears 77 times
    Source: C:\Users\user\Desktop\1.exeCode function: String function: 00414A40 appears 63 times
    Source: C:\Users\user\Desktop\1.exeCode function: String function: 00644CA7 appears 63 times
    Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7728 -s 612
    Source: 1.exe, 00000000.00000003.1309591447.0000000000795000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesDefenca2 vs 1.exe
    Source: 1.exe, 00000000.00000000.1301224588.0000000000451000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamesDefenca2 vs 1.exe
    Source: 1.exeBinary or memory string: OriginalFilenamesDefenca2 vs 1.exe
    Source: 1.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: 00000000.00000002.1595867373.00000000005D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
    Source: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
    Source: 1.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: classification engineClassification label: mal100.troj.evad.winEXE@2/5@10/1
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_005D07A6 CreateToolhelp32Snapshot,Module32First,0_2_005D07A6
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0042D110 CoCreateInstance,0_2_0042D110
    Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7728
    Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\3b7dfabd-bc21-4b08-a430-3b88714c2a98Jump to behavior
    Source: 1.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\1.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: 1.exeReversingLabs: Detection: 65%
    Source: 1.exeVirustotal: Detection: 54%
    Source: C:\Users\user\Desktop\1.exeFile read: C:\Users\user\Desktop\1.exeJump to behavior
    Source: unknownProcess created: C:\Users\user\Desktop\1.exe "C:\Users\user\Desktop\1.exe"
    Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7728 -s 612
    Source: C:\Users\user\Desktop\1.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Desktop\1.exeSection loaded: msimg32.dllJump to behavior
    Source: C:\Users\user\Desktop\1.exeSection loaded: msvcr100.dllJump to behavior
    Source: C:\Users\user\Desktop\1.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Users\user\Desktop\1.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Users\user\Desktop\1.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Users\user\Desktop\1.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\1.exeSection loaded: webio.dllJump to behavior
    Source: C:\Users\user\Desktop\1.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\1.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\1.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Users\user\Desktop\1.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\1.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\1.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Desktop\1.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\1.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\1.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\1.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\1.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\1.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\1.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Users\user\Desktop\1.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Users\user\Desktop\1.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\1.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Users\user\Desktop\1.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Users\user\Desktop\1.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\1.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Users\user\Desktop\1.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Users\user\Desktop\1.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Users\user\Desktop\1.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\1.exeSection loaded: dpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\1.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior

    Data Obfuscation

    barindex
    Detected unpacking (changes PE section rights)
    Source: C:\Users\user\Desktop\1.exeUnpacked PE file: 0.2.1.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;
    Detected unpacking (overwrites its own PE header)
    Source: C:\Users\user\Desktop\1.exeUnpacked PE file: 0.2.1.exe.400000.0.unpack
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0043D0F0 push eax; mov dword ptr [esp], 03020130h0_2_0043D0F1
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00444943 push es; ret 0_2_0044494C
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0043A480 push eax; mov dword ptr [esp], C9D6D7D4h0_2_0043A48E
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_005D344C push ebp; ret 0_2_005D344F
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_005D554C push es; retf 0_2_005D5559
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_005D156B push 00000039h; ret 0_2_005D15A2
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_005D1561 push 00000039h; ret 0_2_005D15A2
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0066D357 push eax; mov dword ptr [esp], 03020130h0_2_0066D358
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0066A6E7 push eax; mov dword ptr [esp], C9D6D7D4h0_2_0066A6F5
    Source: 1.exeStatic PE information: section name: .text entropy: 7.747222298774073
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\1.exe TID: 7792Thread sleep time: -30000s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\1.exe TID: 7788Thread sleep time: -30000s >= -30000sJump to behavior
    Source: Amcache.hve.4.drBinary or memory string: VMware
    Source: Amcache.hve.4.drBinary or memory string: VMware Virtual USB Mouse
    Source: Amcache.hve.4.drBinary or memory string: vmci.syshbin
    Source: Amcache.hve.4.drBinary or memory string: VMware, Inc.
    Source: Amcache.hve.4.drBinary or memory string: VMware20,1hbin@
    Source: Amcache.hve.4.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
    Source: Amcache.hve.4.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
    Source: Amcache.hve.4.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
    Source: 1.exe, 00000000.00000002.1596014303.000000000074A000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326685663.000000000079E000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326968866.000000000079E000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596222171.000000000079E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: Amcache.hve.4.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
    Source: Amcache.hve.4.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
    Source: Amcache.hve.4.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
    Source: Amcache.hve.4.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
    Source: Amcache.hve.4.drBinary or memory string: vmci.sys
    Source: Amcache.hve.4.drBinary or memory string: vmci.syshbin`
    Source: Amcache.hve.4.drBinary or memory string: \driver\vmci,\driver\pci
    Source: Amcache.hve.4.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
    Source: Amcache.hve.4.drBinary or memory string: VMware-42 27 ae 88 8c 2b 21 02-a5 86 22 5b 84 51 ac f0
    Source: Amcache.hve.4.drBinary or memory string: VMware20,1
    Source: Amcache.hve.4.drBinary or memory string: Microsoft Hyper-V Generation Counter
    Source: Amcache.hve.4.drBinary or memory string: NECVMWar VMware SATA CD00
    Source: Amcache.hve.4.drBinary or memory string: VMware Virtual disk SCSI Disk Device
    Source: Amcache.hve.4.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
    Source: Amcache.hve.4.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
    Source: Amcache.hve.4.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
    Source: Amcache.hve.4.drBinary or memory string: VMware PCI VMCI Bus Device
    Source: Amcache.hve.4.drBinary or memory string: VMware VMCI Bus Device
    Source: Amcache.hve.4.drBinary or memory string: VMware Virtual RAM
    Source: 1.exe, 00000000.00000003.1326685663.000000000079E000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326968866.000000000079E000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596222171.000000000079E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWL
    Source: Amcache.hve.4.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
    Source: Amcache.hve.4.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0043BAD0 LdrInitializeThunk,0_2_0043BAD0
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_005D0083 push dword ptr fs:[00000030h]0_2_005D0083
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0063092B mov eax, dword ptr fs:[00000030h]0_2_0063092B
    Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00630D90 mov eax, dword ptr fs:[00000030h]0_2_00630D90

    HIPS / PFW / Operating System Protection Evasion

    barindex
    LummaC encrypted strings found
    Source: 1.exeString found in binary or memory: bashfulacid.lat
    Source: 1.exeString found in binary or memory: tentabatte.lat
    Source: 1.exeString found in binary or memory: curverpluch.lat
    Source: 1.exeString found in binary or memory: talkynicer.lat
    Source: 1.exeString found in binary or memory: shapestickyr.lat
    Source: 1.exeString found in binary or memory: manyrestro.lat
    Source: 1.exeString found in binary or memory: slipperyloo.lat
    Source: 1.exeString found in binary or memory: wordyfindy.lat
    Source: 1.exeString found in binary or memory: dxkushha.com
    Source: C:\Users\user\Desktop\1.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
    Source: Amcache.hve.4.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
    Source: Amcache.hve.4.drBinary or memory string: msmpeng.exe
    Source: Amcache.hve.4.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
    Source: Amcache.hve.4.drBinary or memory string: MsMpEng.exe

    Stealing of Sensitive Information

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Remote Access Functionality

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
    PowerShell    		1
    DLL Side-Loading    		1
    Process Injection    		1
    Virtualization/Sandbox Evasion    		OS Credential Dumping11
    Security Software Discovery    		Remote Services1
    Screen Capture    		11
    Encrypted Channel    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
    DLL Side-Loading    		1
    Process Injection    		LSASS Memory1
    Virtualization/Sandbox Evasion    		Remote Desktop Protocol1
    Archive Collected Data    		1
    Ingress Tool Transfer    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)11
    Deobfuscate/Decode Files or Information    		Security Account Manager1
    Process Discovery    		SMB/Windows Admin Shares2
    Clipboard Data    		2
    Non-Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook4
    Obfuscated Files or Information    		NTDS2
    System Information Discovery    		Distributed Component Object ModelInput Capture113
    Application Layer Protocol    		Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script22
    Software Packing    		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
    DLL Side-Loading    		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    1.exe66%ReversingLabsWin32.Backdoor.Andromeda
    1.exe54%VirustotalBrowse
    1.exe100%AviraHEUR/AGEN.1306956
    1.exe100%Joe Sandbox ML

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    SourceDetectionScannerLabelLink
    dxkushha.com0%Avira URL Cloudsafe

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    steamcommunity.com
    		104.102.49.254
    		truefalse
      		high
      wordyfindy.lat
      		unknown
      		unknownfalse
        		high
        slipperyloo.lat
        		unknown
        		unknownfalse
          		high
          curverpluch.lat
          		unknown
          		unknownfalse
            		high
            tentabatte.lat
            		unknown
            		unknownfalse
              		high
              dxkushha.com
              		unknown
              		unknowntrue
                		unknown
                manyrestro.lat
                		unknown
                		unknownfalse
                  		high
                  bashfulacid.lat
                  		unknown
                  		unknownfalse
                    		high
                    shapestickyr.lat
                    		unknown
                    		unknownfalse
                      		high
                      talkynicer.lat
                      		unknown
                      		unknownfalse
                        		high

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        dxkushha.comtrue
                        • Avira URL Cloud: safe
                        		unknown
                        https://steamcommunity.com/profiles/76561199724331900false
                          		high
                          wordyfindy.latfalse
                            		high

                            URLs from Memory and Binaries

                            NameSourceMaliciousAntivirus DetectionReputation
                            https://steamcommunity.com/my/wishlist/1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                              		high
                              https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                		high
                                https://player.vimeo.com1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		high
                                  https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		high
                                    https://steamcommunity.com/?subsection=broadcasts1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      https://help.steampowered.com/en/1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		high
                                        https://steamcommunity.com/market/1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          https://store.steampowered.com/news/1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            https://store.steampowered.com/subscriber_agreement/1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              https://www.gstatic.cn/recaptcha/1.exe, 00000000.00000003.1326642957.00000000007DD000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		high
                                                http://store.steampowered.com/subscriber_agreement/1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596014303.000000000074A000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596014303.000000000074A000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://recaptcha.net/recaptcha/;1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=Eq36AUaEgab8&l=en1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=aep81.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596014303.000000000074A000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://www.valvesoftware.com/legal.htm1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://steamcommunity.com/discussions/1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://www.youtube.com1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://www.google.com1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://store.steampowered.com/stats/1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://medal.tv1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://broadcast.st.dl.eccdnx.com1.exe, 00000000.00000003.1326642957.00000000007DD000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://store.steampowered.com/steam_refunds/1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326685663.0000000000757000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://steamcommunity.com/login/home/?goto=profiles%2F765611997243319001.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af61.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596014303.000000000074A000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=9620161.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/1.exe, 00000000.00000003.1326642957.00000000007DD000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://s.ytimg.com;1.exe, 00000000.00000003.1326642957.00000000007DD000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://steamcommunity.com/workshop/1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://login.steampowered.com/1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=11.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596014303.000000000074A000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://store.steampowered.com/legal/1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596014303.000000000074A000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://community.fastly.steamstatic.com/1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://community.fastly.steamstatic.com/public/css/skin_1/fatalerror.css?v=OFUqlcDNiD6y&l=engli1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://steam.tv/1.exe, 00000000.00000003.1326642957.00000000007DD000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        http://store.steampowered.com/privacy_agreement/1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596014303.000000000074A000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://steamcommunity.com/lstu1.exe, 00000000.00000003.1326607333.00000000007AD000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007DD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            https://store.steampowered.com/points/shop/1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://recaptcha.net1.exe, 00000000.00000003.1326642957.00000000007DD000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                http://upx.sf.netAmcache.hve.4.drfalse
                                                                                                                                  		high
                                                                                                                                  https://store.steampowered.com/1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://steamcommunity.com1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596014303.000000000074A000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://sketchfab.com1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://lv.queniujq.cn1.exe, 00000000.00000003.1326642957.00000000007DD000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            https://www.youtube.com/1.exe, 00000000.00000003.1326642957.00000000007DD000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              http://127.0.0.1:270601.exe, 00000000.00000003.1326642957.00000000007DD000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                https://store.steampowered.com/privacy_agreement/1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=M_FULq_A1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596014303.000000000074A000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        https://www.google.com/recaptcha/1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          https://checkout.steampowered.com/1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              https://help.steampowered.com/1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                https://api.steampowered.com/1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  https://store.steampowered.com/points/shop1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    http://store.steampowered.com/account/cookiepreferences/1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596014303.000000000074A000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      https://store.steampowered.com/mobile1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        https://steamcommunity.com/1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          https://store.steampowered.com/;1.exe, 00000000.00000003.1326607333.00000000007AD000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326685663.00000000007AD000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1596254643.00000000007AD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            https://store.steampowered.com/about/1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l1.exe, 00000000.00000003.1326561693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326561693.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.1326642957.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                		high

                                                                                                                                                                                World Map of Contacted IPs

                                                                                                                                                                                • No. of IPs < 25%
                                                                                                                                                                                • 25% < No. of IPs < 50%
                                                                                                                                                                                • 50% < No. of IPs < 75%
                                                                                                                                                                                • 75% < No. of IPs

                                                                                                                                                                                Public IPs

                                                                                                                                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                104.102.49.254
                                                                                                                                                                                		steamcommunity.comUnited States
                                                                                                                                                                                		16625AKAMAI-ASUSfalse

                                                                                                                                                                                General Information

                                                                                                                                                                                Joe Sandbox version:42.0.0 Malachite
                                                                                                                                                                                Analysis ID:1587436
                                                                                                                                                                                Start date and time:2025-01-10 11:34:12 +01:00
                                                                                                                                                                                Joe Sandbox product:CloudBasic
                                                                                                                                                                                Overall analysis duration:0h 5m 11s
                                                                                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                                                                                Report type:full
                                                                                                                                                                                Cookbook file name:default.jbs
                                                                                                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                Number of analysed new started processes analysed:10
                                                                                                                                                                                Number of new started drivers analysed:0
                                                                                                                                                                                Number of existing processes analysed:0
                                                                                                                                                                                Number of existing drivers analysed:0
                                                                                                                                                                                Number of injected processes analysed:0
                                                                                                                                                                                Technologies:
                                                                                                                                                                                • HCA enabled
                                                                                                                                                                                • EGA enabled
                                                                                                                                                                                • AMSI enabled
                                                                                                                                                                                Analysis Mode:default
                                                                                                                                                                                Analysis stop reason:Timeout
                                                                                                                                                                                Sample name:1.exe
                                                                                                                                                                                Detection:MAL
                                                                                                                                                                                Classification:mal100.troj.evad.winEXE@2/5@10/1
                                                                                                                                                                                EGA Information:
                                                                                                                                                                                • Successful, ratio: 100%
                                                                                                                                                                                HCA Information:
                                                                                                                                                                                • Successful, ratio: 95%
                                                                                                                                                                                • Number of executed functions: 13
                                                                                                                                                                                • Number of non-executed functions: 214
                                                                                                                                                                                Cookbook Comments:
                                                                                                                                                                                • Found application associated with file extension: .exe

                                                                                                                                                                                Warnings

                                                                                                                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                • Excluded IPs from analysis (whitelisted): 13.89.179.12, 13.107.246.45, 40.126.31.71, 172.202.163.200
                                                                                                                                                                                • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, onedsblobprdcus17.centralus.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                                                                                Simulations

                                                                                                                                                                                Behavior and APIs

                                                                                                                                                                                TimeTypeDescription
                                                                                                                                                                                05:35:08API Interceptor4x Sleep call for process: 1.exe modified
                                                                                                                                                                                05:35:36API Interceptor1x Sleep call for process: WerFault.exe modified

                                                                                                                                                                                Joe Sandbox View / Context

                                                                                                                                                                                IPs

                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                104.102.49.254r4xiHKy8aM.exeGet hashmaliciousSocks5SystemzBrowse
                                                                                                                                                                                • /ISteamUser/GetFriendList/v1/?key=AE2AE4DBF33A541E83BC08989DB1F397&steamid=76561198400860497
                                                                                                                                                                                http://gtm-cn-j4g3qqvf603.steamproxy1.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                • www.valvesoftware.com/legal.htm

                                                                                                                                                                                Domains

                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                steamcommunity.comanti-malware-setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                appFile.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                cache_registerer.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                Invoice.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                NvOxePa.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                h3VYJaQqI9.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                P2V7Mr3DUF.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                v3tb7mqP48.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                asd.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                [UPD]Intel_Unit.2.1.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                • 104.102.49.254

                                                                                                                                                                                ASNs

                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                AKAMAI-ASUSanti-malware-setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                appFile.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                cache_registerer.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                armv5l.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                • 23.209.153.127
                                                                                                                                                                                http://postman.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                • 104.102.43.106
                                                                                                                                                                                https://sanctionssearch.ofac.treas.govGet hashmaliciousUnknownBrowse
                                                                                                                                                                                • 23.49.251.37
                                                                                                                                                                                Fantazy.ppc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                • 104.81.98.224
                                                                                                                                                                                Fantazy.x86.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                • 184.28.181.149
                                                                                                                                                                                6.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                • 2.16.79.96
                                                                                                                                                                                Invoice.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                • 104.102.49.254

                                                                                                                                                                                JA3 Fingerprints

                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                a0e9f5d64349fb13191bc781f81f42e1anti-malware-setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                appFile.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                cache_registerer.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                CY SEC AUDIT PLAN 2025.docx.docGet hashmaliciousUnknownBrowse
                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                PO#3_RKG367.batGet hashmaliciousDBatLoader, MassLogger RAT, PureLog StealerBrowse
                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                Invoice.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                24EPV9vjc5.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                kXzODlqJak.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                24EPV9vjc5.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                kXzODlqJak.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                • 104.102.49.254

                                                                                                                                                                                Dropped Files

                                                                                                                                                                                No context

                                                                                                                                                                                Created / dropped Files

                                                                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_1.exe_7096ba4de9b5c471a0a7892f75973015208e_a2e6c44a_1f882c86-2fb6-432e-9e6b-b70ce8e9e009\Report.wer

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):65536
                                                                                                                                                                                Entropy (8bit):0.9431224070362595
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:PmcHeQssUhpe7ECLQXIDcQ8c6VqcWdcEtcw3N+HbHg/rZHLnxZvESOyRgU6NCUt+:VeQsf0C4PXuj5WRzuiFcRZ24IO8u6
                                                                                                                                                                                MD5:51F7F9A46D6E1F6F4F5339FC05BE36E8
                                                                                                                                                                                SHA1:5D746A8C2BBE14C5FC0E948FAE214E8D62287C39
                                                                                                                                                                                SHA-256:B827BA52866DA0C54BAF336EC33F4D3759A1AD7D31F354EFC54AC17CDEC57D2E
                                                                                                                                                                                SHA-512:2A260463FA12509E5802A8BB93A58E2B9CEF13C8C26336FC2A12C51366DE0C9C4AA7D62ABEAB061FED76F4001E68FF302328C071682A7DE517EBBB53BD929998
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.8.0.9.7.8.9.1.0.3.6.5.5.8.8.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.8.0.9.7.8.9.1.1.1.9.3.7.5.4.5.....R.e.p.o.r.t.S.t.a.t.u.s.=.6.5.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.f.8.8.2.c.8.6.-.2.f.b.6.-.4.3.2.e.-.9.e.6.b.-.b.7.0.c.e.8.e.9.e.0.0.9.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.e.a.d.4.0.f.d.-.d.e.4.1.-.4.0.c.5.-.8.a.4.1.-.0.e.d.6.b.c.b.7.d.9.4.3.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.1...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.e.3.0.-.0.0.0.1.-.0.0.1.3.-.e.7.b.1.-.3.0.5.1.4.b.6.3.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.b.0.9.c.9.d.e.2.9.6.4.b.6.1.f.5.8.6.6.e.9.8.1.0.6.2.6.8.2.5.1.5.0.0.0.0.f.f.f.f.!.0.0.0.0.a.0.0.6.b.3.9.0.4.b.a.a.7.d.6.7.d.f.e.4.c.f.b.4.0.1.c.1.2.e.3.5.b.8.0.1.4.8.4.4.!.1...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.1.2././.2.3.:.1.

                                                                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WERF57D.tmp.dmp

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                File Type:Mini DuMP crash report, 15 streams, Fri Jan 10 10:35:10 2025, 0x1205a4 type
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):48798
                                                                                                                                                                                Entropy (8bit):2.6829603331231593
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:ZzmgGAmy1Xtmpt1/OB1BikdofqQA1oV90eB0L6Em+gkcNd/xCx0CENfsgH:3Gzampt12jBikuATYrJ00CG08
                                                                                                                                                                                MD5:6C3819188D6376F02F4D94E5F6B70F79
                                                                                                                                                                                SHA1:D9CCABAB841CBAC37BDFAEB0143A10B12C800D19
                                                                                                                                                                                SHA-256:F1C10B0C3F7975B461F57CD8AEEC3506FBEBDB141A42EDD522224236B899F1DE
                                                                                                                                                                                SHA-512:C38B7ED8BC1285522DED54A559BF839E869E8948107AB049C274A1CFCE79657679E26CFDD2A0BC575D006196C6CAA4320217CE9D408BF685D16B819B247EC6D5
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Preview:MDMP..a..... ..........g............4...............H...........<............-..........`.......8...........T............?...~......................................................................................................eJ......\ ......GenuineIntel............T.......0......g.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WERF791.tmp.WERInternalMetadata.xml

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8256
                                                                                                                                                                                Entropy (8bit):3.692620951986533
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:R6l7wVeJaV6Zw6YWoSU92VhCgmf9DtpDT89bpesfOjm:R6lXJ46+6YJSU9Qkgmf9Dcpdfb
                                                                                                                                                                                MD5:5287964D2B43781D6D7738008830B1AC
                                                                                                                                                                                SHA1:3BA82CF020BDFA5174DAE43FAF5C733901C850CD
                                                                                                                                                                                SHA-256:5C763A96A690A07D39A57E3A6C8F319B8CA8CE8D413571735FAF0E4ECBE25B5F
                                                                                                                                                                                SHA-512:C1FD72A143B3E2A96E0706B4E520A768391261863B95319D022E3F508C5568DCD9F0F58ECDEE4AD1E41AC907708485806E98FB8638A5BBD8724FF5F533A6D442
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.7.2.8.<./.P.i.

                                                                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WERF7E1.tmp.xml

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4516
                                                                                                                                                                                Entropy (8bit):4.417003169090564
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:cvIwWl8zsZJg77aI9jQWpW8VY2Ym8M4JCN+IFVBpd+q8uIbGccnled:uIjfrI7Rp7VSJC0+drIKccnled
                                                                                                                                                                                MD5:E58F140EB9A3E2AAB89E4B0394CB92F7
                                                                                                                                                                                SHA1:465627D49C15D01855D0DF91A777D5C340271241
                                                                                                                                                                                SHA-256:BD745B34683BB8515A79BCB81BD822691900613AFC9BE299E21B5D94CF88A750
                                                                                                                                                                                SHA-512:E9EC4A06764BE91BEBFEF07049ED2CDF8E94A4DA6F96BBE5EA2FECEE847BF7559EF357C07A071DCCD0974519E6ECE53CD05CC848658F7EA05682A2EA1DA50A49
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="669697" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                                                                C:\Windows\appcompat\Programs\Amcache.hve

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1835008
                                                                                                                                                                                Entropy (8bit):4.29591344919775
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6144:J41fWRYkg7Di2vroy00lWZgiWaaKxC44Q0NbuDs+oGmBMZJh1Vj9:e1/kCW2AoQ0NimGwMHrVB
                                                                                                                                                                                MD5:6CE899BF3465CA1BF150D0967EB9CEC6
                                                                                                                                                                                SHA1:243BAEDA4C635903842A95B12DA996C7118593AC
                                                                                                                                                                                SHA-256:C156C781BBE3EBCB7344E7A94077EBB57DC7B9F85CA572D42E2597FBA369C351
                                                                                                                                                                                SHA-512:BC10521198B93B1C150289648E3D38C8087E1CAB9820BA89B00036D48A6BC020DC858DF3060DFE566A5BD8F8354A09F25685571C0F7F49C654CD10338A947A53
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Preview:regfG...G....\.Z.................... ....`......\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtmj..RKc.................................................................................................................................................................................................................................................................................................................................................f........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                Static File Info

                                                                                                                                                                                General

                                                                                                                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                Entropy (8bit):7.289463369394953
                                                                                                                                                                                TrID:
                                                                                                                                                                                • Win32 Executable (generic) a (10002005/4) 99.55%
                                                                                                                                                                                • Win32 EXE PECompact compressed (generic) (41571/9) 0.41%
                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                File name:1.exe
                                                                                                                                                                                File size:322'048 bytes
                                                                                                                                                                                MD5:2d81de63f4b774466ab048f90f864b9c
                                                                                                                                                                                SHA1:a006b3904baa7d67dfe4cfb401c12e35b8014844
                                                                                                                                                                                SHA256:890953a43159346a909bf070cc7217121edece253d8df68960cd80e89b3e70a0
                                                                                                                                                                                SHA512:b5cbafe9c0619eeaf93968ffb1dc992b1b46083a336972891c6beecb7f97ccfb0d2bee94b30e97fa4a81110a8b936a645b53345f519632908414e664c32d05b3
                                                                                                                                                                                SSDEEP:6144:qNDNpML8u4Bfnvqp0RJMBpET39rj3C09/eo4nwtq:qNDNm0BfnimR6vET39rTC0lEX
                                                                                                                                                                                TLSH:AC64F126B653D172C59664328434C7B26F7FBC310775898B37682B2EAF702D2D63A319
                                                                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^..V..q...q...q.....1.q.....?.q.......q.=n....q...p.`.q.......q.......q.......q.Rich..q.........................PE..L....lBe...

                                                                                                                                                                                File Icon

                                                                                                                                                                                Icon Hash:8632604c5633371c

                                                                                                                                                                                Static PE Info

                                                                                                                                                                                General

                                                                                                                                                                                Entrypoint:0x4073c6
                                                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                                                Digitally signed:false
                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                Subsystem:windows gui
                                                                                                                                                                                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                                                                                                Time Stamp:0x65426CBB [Wed Nov 1 15:20:27 2023 UTC]
                                                                                                                                                                                TLS Callbacks:
                                                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                                                OS Version Major:5
                                                                                                                                                                                OS Version Minor:0
                                                                                                                                                                                File Version Major:5
                                                                                                                                                                                File Version Minor:0
                                                                                                                                                                                Subsystem Version Major:5
                                                                                                                                                                                Subsystem Version Minor:0
                                                                                                                                                                                Import Hash:61fc52df2134948a61cd128f53825acc

                                                                                                                                                                                Entrypoint Preview

                                                                                                                                                                                Instruction
                                                                                                                                                                                call 00007F6FC559D486h
                                                                                                                                                                                jmp 00007F6FC5596A2Dh
                                                                                                                                                                                call 00007F6FC5596BECh
                                                                                                                                                                                xchg cl, ch
                                                                                                                                                                                jmp 00007F6FC5596BD4h
                                                                                                                                                                                call 00007F6FC5596BE3h
                                                                                                                                                                                fxch st(0), st(1)
                                                                                                                                                                                jmp 00007F6FC5596BCBh
                                                                                                                                                                                fabs
                                                                                                                                                                                fld1
                                                                                                                                                                                mov ch, cl
                                                                                                                                                                                xor cl, cl
                                                                                                                                                                                jmp 00007F6FC5596BC1h
                                                                                                                                                                                mov byte ptr [ebp-00000090h], FFFFFFFEh
                                                                                                                                                                                fabs
                                                                                                                                                                                fxch st(0), st(1)
                                                                                                                                                                                fabs
                                                                                                                                                                                fxch st(0), st(1)
                                                                                                                                                                                fpatan
                                                                                                                                                                                or cl, cl
                                                                                                                                                                                je 00007F6FC5596BB6h
                                                                                                                                                                                fldpi
                                                                                                                                                                                fsubrp st(1), st(0)
                                                                                                                                                                                or ch, ch
                                                                                                                                                                                je 00007F6FC5596BB4h
                                                                                                                                                                                fchs
                                                                                                                                                                                ret
                                                                                                                                                                                fabs
                                                                                                                                                                                fld st(0), st(0)
                                                                                                                                                                                fld st(0), st(0)
                                                                                                                                                                                fld1
                                                                                                                                                                                fsubrp st(1), st(0)
                                                                                                                                                                                fxch st(0), st(1)
                                                                                                                                                                                fld1
                                                                                                                                                                                faddp st(1), st(0)
                                                                                                                                                                                fmulp st(1), st(0)
                                                                                                                                                                                ftst
                                                                                                                                                                                wait
                                                                                                                                                                                fstsw word ptr [ebp-000000A0h]
                                                                                                                                                                                wait
                                                                                                                                                                                test byte ptr [ebp-0000009Fh], 00000001h
                                                                                                                                                                                jne 00007F6FC5596BB7h
                                                                                                                                                                                xor ch, ch
                                                                                                                                                                                fsqrt
                                                                                                                                                                                ret
                                                                                                                                                                                pop eax
                                                                                                                                                                                jmp 00007F6FC55973CFh
                                                                                                                                                                                fstp st(0)
                                                                                                                                                                                fld tbyte ptr [004461FAh]
                                                                                                                                                                                ret
                                                                                                                                                                                fstp st(0)
                                                                                                                                                                                or cl, cl
                                                                                                                                                                                je 00007F6FC5596BBDh
                                                                                                                                                                                fstp st(0)
                                                                                                                                                                                fldpi
                                                                                                                                                                                or ch, ch
                                                                                                                                                                                je 00007F6FC5596BB4h
                                                                                                                                                                                fchs
                                                                                                                                                                                ret
                                                                                                                                                                                fstp st(0)
                                                                                                                                                                                fldz
                                                                                                                                                                                or ch, ch
                                                                                                                                                                                je 00007F6FC5596BA9h
                                                                                                                                                                                fchs
                                                                                                                                                                                ret
                                                                                                                                                                                fstp st(0)
                                                                                                                                                                                jmp 00007F6FC55973A5h
                                                                                                                                                                                fstp st(0)
                                                                                                                                                                                mov cl, ch
                                                                                                                                                                                jmp 00007F6FC5596BB2h
                                                                                                                                                                                call 00007F6FC5596B7Eh
                                                                                                                                                                                jmp 00007F6FC55973B0h
                                                                                                                                                                                int3
                                                                                                                                                                                int3
                                                                                                                                                                                int3
                                                                                                                                                                                int3
                                                                                                                                                                                int3
                                                                                                                                                                                int3
                                                                                                                                                                                int3
                                                                                                                                                                                int3
                                                                                                                                                                                push ebp
                                                                                                                                                                                mov ebp, esp
                                                                                                                                                                                add esp, FFFFFD30h
                                                                                                                                                                                push ebx
                                                                                                                                                                                wait
                                                                                                                                                                                fstcw word ptr [ebp+0000005Ch]

                                                                                                                                                                                Rich Headers

                                                                                                                                                                                Programming Language:
                                                                                                                                                                                • [C++] VS2008 build 21022
                                                                                                                                                                                • [ASM] VS2008 build 21022
                                                                                                                                                                                • [ C ] VS2008 build 21022
                                                                                                                                                                                • [IMP] VS2005 build 50727
                                                                                                                                                                                • [RES] VS2008 build 21022
                                                                                                                                                                                • [LNK] VS2008 build 21022

                                                                                                                                                                                Data Directories

                                                                                                                                                                                NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_IMPORT0x446cc0x50.text
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0x510000x3f50.rsrc
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x50f80x40.text
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_IAT0x10000x190.text
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                Sections

                                                                                                                                                                                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                .text0x10000x440080x44200c26f3465edcaac95bc73cca89c7f6884False0.8511790424311927data7.747222298774073IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                .data0x460000xae080x6400f92ff87c9bac69156a9a0b5c36247f1bFalse0.089609375dBase III DBT, next free block index 7565155, 1st item "\017\311\377?"1.0762700074763212IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                .rsrc0x510000x3f500x400002edb736d062a91681ebbf0f54b424a7False0.43341064453125data4.133541099201971IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                                                                                Resources

                                                                                                                                                                                NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                RT_CURSOR0x543f80x330Device independent bitmap graphic, 48 x 96 x 1, image size 00.1948529411764706
                                                                                                                                                                                RT_CURSOR0x547280x130Device independent bitmap graphic, 32 x 64 x 1, image size 00.33223684210526316
                                                                                                                                                                                RT_ICON0x512a00x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colorsRomanianRomania0.5120967741935484
                                                                                                                                                                                RT_ICON0x519680x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9216RomanianRomania0.4157676348547718
                                                                                                                                                                                RT_ICON0x53f100x468Device independent bitmap graphic, 16 x 32 x 32, image size 1024RomanianRomania0.7393617021276596
                                                                                                                                                                                RT_STRING0x54ab80x496dataRomanianRomania0.4454855195911414
                                                                                                                                                                                RT_ACCELERATOR0x543a80x50dataRomanianRomania0.825
                                                                                                                                                                                RT_GROUP_CURSOR0x548580x22data1.0294117647058822
                                                                                                                                                                                RT_GROUP_ICON0x543780x30dataRomanianRomania0.9375
                                                                                                                                                                                RT_VERSION0x548800x234data0.5336879432624113

                                                                                                                                                                                Imports

                                                                                                                                                                                DLLImport
                                                                                                                                                                                KERNEL32.dllEnumCalendarInfoA, InterlockedIncrement, GetCurrentProcess, GetLogicalDriveStringsW, InterlockedCompareExchange, WriteConsoleInputA, FindNextVolumeMountPointA, EscapeCommFunction, GetWindowsDirectoryA, EnumTimeFormatsW, CopyFileW, GetConsoleAliasExesLengthW, CreateSemaphoreA, SetComputerNameExW, GetShortPathNameA, LCMapStringA, InterlockedExchange, GetLastError, GetCurrentDirectoryW, SetLastError, GetProcAddress, VirtualAlloc, GetAtomNameA, LoadLibraryA, InterlockedExchangeAdd, SetCalendarInfoW, OpenEventA, GlobalUnWire, GetModuleHandleA, FreeEnvironmentStringsW, EnumDateFormatsW, GetVersionExA, ReadConsoleInputW, TerminateJobObject, GetCurrentProcessId, EnumCalendarInfoExA, CreateFileA, WriteConsoleW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, MultiByteToWideChar, HeapReAlloc, HeapAlloc, GetCommandLineA, GetStartupInfoA, TerminateProcess, IsDebuggerPresent, GetModuleHandleW, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, GetCurrentThreadId, InterlockedDecrement, Sleep, HeapSize, ExitProcess, ReadFile, EnterCriticalSection, LeaveCriticalSection, SetHandleCount, GetStdHandle, GetFileType, DeleteCriticalSection, HeapFree, WriteFile, GetModuleFileNameA, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, SetFilePointer, HeapCreate, VirtualFree, CloseHandle, FreeEnvironmentStringsA, GetEnvironmentStrings, WideCharToMultiByte, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, RaiseException, InitializeCriticalSectionAndSpinCount, RtlUnwind, SetStdHandle, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, GetConsoleCP, GetConsoleMode, FlushFileBuffers, WriteConsoleA, GetConsoleOutputCP
                                                                                                                                                                                SHELL32.dllDragQueryPoint
                                                                                                                                                                                ole32.dllCoRegisterPSClsid

                                                                                                                                                                                Possible Origin

                                                                                                                                                                                Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                RomanianRomania

                                                                                                                                                                                Network Behavior

                                                                                                                                                                                Suricata IDS Alerts

                                                                                                                                                                                TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                2025-01-10T11:35:08.938571+01002058514ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wordyfindy .lat)1192.168.2.10598861.1.1.153UDP
                                                                                                                                                                                2025-01-10T11:35:08.950601+01002058502ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (slipperyloo .lat)1192.168.2.10576571.1.1.153UDP
                                                                                                                                                                                2025-01-10T11:35:08.960492+01002058492ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (manyrestro .lat)1192.168.2.10508061.1.1.153UDP
                                                                                                                                                                                2025-01-10T11:35:08.971563+01002058500ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shapestickyr .lat)1192.168.2.10582591.1.1.153UDP
                                                                                                                                                                                2025-01-10T11:35:08.982677+01002058510ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (talkynicer .lat)1192.168.2.10566731.1.1.153UDP
                                                                                                                                                                                2025-01-10T11:35:08.994011+01002058484ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (curverpluch .lat)1192.168.2.10546991.1.1.153UDP
                                                                                                                                                                                2025-01-10T11:35:09.005316+01002058512ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tentabatte .lat)1192.168.2.10590721.1.1.153UDP
                                                                                                                                                                                2025-01-10T11:35:09.039565+01002058480ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bashfulacid .lat)1192.168.2.10542681.1.1.153UDP
                                                                                                                                                                                2025-01-10T11:35:09.768336+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1049717104.102.49.254443TCP
                                                                                                                                                                                2025-01-10T11:35:10.483329+01002858666ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup1192.168.2.1049717104.102.49.254443TCP

                                                                                                                                                                                Network Port Distribution

                                                                                                                                                                                TCP Packets

                                                                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                Jan 10, 2025 11:35:09.099169970 CET49717443192.168.2.10104.102.49.254
                                                                                                                                                                                Jan 10, 2025 11:35:09.099205017 CET44349717104.102.49.254192.168.2.10
                                                                                                                                                                                Jan 10, 2025 11:35:09.099273920 CET49717443192.168.2.10104.102.49.254
                                                                                                                                                                                Jan 10, 2025 11:35:09.116286993 CET49717443192.168.2.10104.102.49.254
                                                                                                                                                                                Jan 10, 2025 11:35:09.116303921 CET44349717104.102.49.254192.168.2.10
                                                                                                                                                                                Jan 10, 2025 11:35:09.768258095 CET44349717104.102.49.254192.168.2.10
                                                                                                                                                                                Jan 10, 2025 11:35:09.768336058 CET49717443192.168.2.10104.102.49.254
                                                                                                                                                                                Jan 10, 2025 11:35:09.772686005 CET49717443192.168.2.10104.102.49.254
                                                                                                                                                                                Jan 10, 2025 11:35:09.772701025 CET44349717104.102.49.254192.168.2.10
                                                                                                                                                                                Jan 10, 2025 11:35:09.773041010 CET44349717104.102.49.254192.168.2.10
                                                                                                                                                                                Jan 10, 2025 11:35:09.824996948 CET49717443192.168.2.10104.102.49.254
                                                                                                                                                                                Jan 10, 2025 11:35:10.094136953 CET49717443192.168.2.10104.102.49.254
                                                                                                                                                                                Jan 10, 2025 11:35:10.135329962 CET44349717104.102.49.254192.168.2.10
                                                                                                                                                                                Jan 10, 2025 11:35:10.483359098 CET44349717104.102.49.254192.168.2.10
                                                                                                                                                                                Jan 10, 2025 11:35:10.483386993 CET44349717104.102.49.254192.168.2.10
                                                                                                                                                                                Jan 10, 2025 11:35:10.483393908 CET44349717104.102.49.254192.168.2.10
                                                                                                                                                                                Jan 10, 2025 11:35:10.483428955 CET44349717104.102.49.254192.168.2.10
                                                                                                                                                                                Jan 10, 2025 11:35:10.483433008 CET49717443192.168.2.10104.102.49.254
                                                                                                                                                                                Jan 10, 2025 11:35:10.483459949 CET44349717104.102.49.254192.168.2.10
                                                                                                                                                                                Jan 10, 2025 11:35:10.483484030 CET44349717104.102.49.254192.168.2.10
                                                                                                                                                                                Jan 10, 2025 11:35:10.483498096 CET49717443192.168.2.10104.102.49.254
                                                                                                                                                                                Jan 10, 2025 11:35:10.483530998 CET49717443192.168.2.10104.102.49.254
                                                                                                                                                                                Jan 10, 2025 11:35:10.570039034 CET44349717104.102.49.254192.168.2.10
                                                                                                                                                                                Jan 10, 2025 11:35:10.570102930 CET44349717104.102.49.254192.168.2.10
                                                                                                                                                                                Jan 10, 2025 11:35:10.570126057 CET49717443192.168.2.10104.102.49.254
                                                                                                                                                                                Jan 10, 2025 11:35:10.570138931 CET44349717104.102.49.254192.168.2.10
                                                                                                                                                                                Jan 10, 2025 11:35:10.570247889 CET49717443192.168.2.10104.102.49.254
                                                                                                                                                                                Jan 10, 2025 11:35:10.570404053 CET49717443192.168.2.10104.102.49.254
                                                                                                                                                                                Jan 10, 2025 11:35:10.571815968 CET49717443192.168.2.10104.102.49.254
                                                                                                                                                                                Jan 10, 2025 11:35:10.571815968 CET49717443192.168.2.10104.102.49.254
                                                                                                                                                                                Jan 10, 2025 11:35:10.571835995 CET44349717104.102.49.254192.168.2.10
                                                                                                                                                                                Jan 10, 2025 11:35:10.571846008 CET44349717104.102.49.254192.168.2.10

                                                                                                                                                                                UDP Packets

                                                                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                Jan 10, 2025 11:35:08.924097061 CET6539753192.168.2.101.1.1.1
                                                                                                                                                                                Jan 10, 2025 11:35:08.934483051 CET53653971.1.1.1192.168.2.10
                                                                                                                                                                                Jan 10, 2025 11:35:08.938570976 CET5988653192.168.2.101.1.1.1
                                                                                                                                                                                Jan 10, 2025 11:35:08.947405100 CET53598861.1.1.1192.168.2.10
                                                                                                                                                                                Jan 10, 2025 11:35:08.950601101 CET5765753192.168.2.101.1.1.1
                                                                                                                                                                                Jan 10, 2025 11:35:08.959228992 CET53576571.1.1.1192.168.2.10
                                                                                                                                                                                Jan 10, 2025 11:35:08.960491896 CET5080653192.168.2.101.1.1.1
                                                                                                                                                                                Jan 10, 2025 11:35:08.968643904 CET53508061.1.1.1192.168.2.10
                                                                                                                                                                                Jan 10, 2025 11:35:08.971563101 CET5825953192.168.2.101.1.1.1
                                                                                                                                                                                Jan 10, 2025 11:35:08.981537104 CET53582591.1.1.1192.168.2.10
                                                                                                                                                                                Jan 10, 2025 11:35:08.982676983 CET5667353192.168.2.101.1.1.1
                                                                                                                                                                                Jan 10, 2025 11:35:08.991472960 CET53566731.1.1.1192.168.2.10
                                                                                                                                                                                Jan 10, 2025 11:35:08.994010925 CET5469953192.168.2.101.1.1.1
                                                                                                                                                                                Jan 10, 2025 11:35:09.002867937 CET53546991.1.1.1192.168.2.10
                                                                                                                                                                                Jan 10, 2025 11:35:09.005316019 CET5907253192.168.2.101.1.1.1
                                                                                                                                                                                Jan 10, 2025 11:35:09.014484882 CET53590721.1.1.1192.168.2.10
                                                                                                                                                                                Jan 10, 2025 11:35:09.039565086 CET5426853192.168.2.101.1.1.1
                                                                                                                                                                                Jan 10, 2025 11:35:09.048608065 CET53542681.1.1.1192.168.2.10
                                                                                                                                                                                Jan 10, 2025 11:35:09.052063942 CET5601153192.168.2.101.1.1.1
                                                                                                                                                                                Jan 10, 2025 11:35:09.059875965 CET53560111.1.1.1192.168.2.10

                                                                                                                                                                                DNS Queries

                                                                                                                                                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                Jan 10, 2025 11:35:08.924097061 CET192.168.2.101.1.1.10x756cStandard query (0)dxkushha.comA (IP address)IN (0x0001)false
                                                                                                                                                                                Jan 10, 2025 11:35:08.938570976 CET192.168.2.101.1.1.10xa19Standard query (0)wordyfindy.latA (IP address)IN (0x0001)false
                                                                                                                                                                                Jan 10, 2025 11:35:08.950601101 CET192.168.2.101.1.1.10x9876Standard query (0)slipperyloo.latA (IP address)IN (0x0001)false
                                                                                                                                                                                Jan 10, 2025 11:35:08.960491896 CET192.168.2.101.1.1.10xf76bStandard query (0)manyrestro.latA (IP address)IN (0x0001)false
                                                                                                                                                                                Jan 10, 2025 11:35:08.971563101 CET192.168.2.101.1.1.10xa91aStandard query (0)shapestickyr.latA (IP address)IN (0x0001)false
                                                                                                                                                                                Jan 10, 2025 11:35:08.982676983 CET192.168.2.101.1.1.10x4aa9Standard query (0)talkynicer.latA (IP address)IN (0x0001)false
                                                                                                                                                                                Jan 10, 2025 11:35:08.994010925 CET192.168.2.101.1.1.10xe26dStandard query (0)curverpluch.latA (IP address)IN (0x0001)false
                                                                                                                                                                                Jan 10, 2025 11:35:09.005316019 CET192.168.2.101.1.1.10x15e7Standard query (0)tentabatte.latA (IP address)IN (0x0001)false
                                                                                                                                                                                Jan 10, 2025 11:35:09.039565086 CET192.168.2.101.1.1.10x5cf4Standard query (0)bashfulacid.latA (IP address)IN (0x0001)false
                                                                                                                                                                                Jan 10, 2025 11:35:09.052063942 CET192.168.2.101.1.1.10x5909Standard query (0)steamcommunity.comA (IP address)IN (0x0001)false

                                                                                                                                                                                DNS Answers

                                                                                                                                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                Jan 10, 2025 11:35:08.934483051 CET1.1.1.1192.168.2.100x756cName error (3)dxkushha.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                Jan 10, 2025 11:35:08.947405100 CET1.1.1.1192.168.2.100xa19Name error (3)wordyfindy.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                Jan 10, 2025 11:35:08.959228992 CET1.1.1.1192.168.2.100x9876Name error (3)slipperyloo.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                Jan 10, 2025 11:35:08.968643904 CET1.1.1.1192.168.2.100xf76bName error (3)manyrestro.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                Jan 10, 2025 11:35:08.981537104 CET1.1.1.1192.168.2.100xa91aName error (3)shapestickyr.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                Jan 10, 2025 11:35:08.991472960 CET1.1.1.1192.168.2.100x4aa9Name error (3)talkynicer.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                Jan 10, 2025 11:35:09.002867937 CET1.1.1.1192.168.2.100xe26dName error (3)curverpluch.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                Jan 10, 2025 11:35:09.014484882 CET1.1.1.1192.168.2.100x15e7Name error (3)tentabatte.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                Jan 10, 2025 11:35:09.048608065 CET1.1.1.1192.168.2.100x5cf4Name error (3)bashfulacid.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                Jan 10, 2025 11:35:09.059875965 CET1.1.1.1192.168.2.100x5909No error (0)steamcommunity.com104.102.49.254A (IP address)IN (0x0001)false

                                                                                                                                                                                HTTP Request Dependency Graph

                                                                                                                                                                                • steamcommunity.com

                                                                                                                                                                                HTTPS Proxied Packets

                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                0192.168.2.1049717104.102.49.2544437728C:\Users\user\Desktop\1.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                2025-01-10 10:35:10 UTC219OUTGET /profiles/76561199724331900 HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                Host: steamcommunity.com
                                                                                                                                                                                2025-01-10 10:35:10 UTC1905INHTTP/1.1 200 OK
                                                                                                                                                                                Server: nginx
                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                                                                Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                Date: Fri, 10 Jan 2025 10:35:10 GMT
                                                                                                                                                                                Content-Length: 25665
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Set-Cookie: sessionid=595ccf85d8f9c06be4c18019; Path=/; Secure; SameSite=None
                                                                                                                                                                                Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
                                                                                                                                                                                2025-01-10 10:35:10 UTC14479INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e
                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
                                                                                                                                                                                2025-01-10 10:35:10 UTC11186INData Raw: 3f 6c 3d 6b 6f 72 65 61 6e 61 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 6b 6f 72 65 61 6e 61 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e ed 95 9c ea b5 ad ec 96 b4 20 28 4b 6f 72 65 61 6e 29 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 6d 65 6e 75 5f 69 74 65 6d 20 74 69 67 68 74 22 20 68 72 65 66 3d 22 3f 6c 3d 74 68 61 69 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 74 68 61 69 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e e0 b9 84 e0 b8 97 e0 b8 a2 20 28 54 68 61 69 29 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09
                                                                                                                                                                                Data Ascii: ?l=koreana" onclick="ChangeLanguage( 'koreana' ); return false;"> (Korean)</a><a class="popup_menu_item tight" href="?l=thai" onclick="ChangeLanguage( 'thai' ); return false;"> (Thai)</a>


                                                                                                                                                                                Statistics

                                                                                                                                                                                CPU Usage

                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                Memory Usage

                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                High Level Behavior Distribution

                                                                                                                                                                                Click to dive into process behavior distribution

                                                                                                                                                                                Behavior

                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                System Behavior

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:0
                                                                                                                                                                                Start time:05:35:07
                                                                                                                                                                                Start date:10/01/2025
                                                                                                                                                                                Path:C:\Users\user\Desktop\1.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\1.exe"
                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                File size:322'048 bytes
                                                                                                                                                                                MD5 hash:2D81DE63F4B774466AB048F90F864B9C
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Yara matches:
                                                                                                                                                                                • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.1595867373.00000000005D0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:4
                                                                                                                                                                                Start time:05:35:10
                                                                                                                                                                                Start date:10/01/2025
                                                                                                                                                                                Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7728 -s 612
                                                                                                                                                                                Imagebase:0x6a0000
                                                                                                                                                                                File size:483'680 bytes
                                                                                                                                                                                MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:high
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                Disassembly

                                                                                                                                                                                Reset < >

                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                  Execution Coverage:1.4%
                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:38.2%
                                                                                                                                                                                  Signature Coverage:44.7%
                                                                                                                                                                                  Total number of Nodes:76
                                                                                                                                                                                  Total number of Limit Nodes:5
                                                                                                                                                                                  execution_graph 25446 408720 25448 40872f 25446->25448 25447 408a15 ExitProcess 25448->25447 25449 408744 GetCurrentProcessId GetCurrentThreadId 25448->25449 25450 4089f9 25448->25450 25451 40876a 25449->25451 25452 40876e SHGetSpecialFolderPathW 25449->25452 25450->25447 25451->25452 25453 408860 25452->25453 25453->25453 25459 43a080 25453->25459 25455 4088f3 GetForegroundWindow 25457 4089ab 25455->25457 25457->25450 25462 40c900 CoInitializeEx 25457->25462 25463 43d0f0 25459->25463 25461 43a08a RtlAllocateHeap 25461->25455 25464 43d100 25463->25464 25464->25461 25464->25464 25465 43c223 25466 43c250 25465->25466 25466->25466 25467 43c28e 25466->25467 25469 43bad0 LdrInitializeThunk 25466->25469 25469->25467 25503 43bc91 GetForegroundWindow 25504 43bcb1 25503->25504 25470 43eec0 25471 43eee0 25470->25471 25471->25471 25474 43ef3e 25471->25474 25476 43bad0 LdrInitializeThunk 25471->25476 25472 43efee 25474->25472 25477 43bad0 LdrInitializeThunk 25474->25477 25476->25474 25477->25472 25505 409d14 25508 43d450 25505->25508 25509 409d24 WSAStartup 25508->25509 25483 43c4a5 25484 43c39f 25483->25484 25485 43c46e 25484->25485 25487 43bad0 LdrInitializeThunk 25484->25487 25487->25485 25488 43c0a5 25489 43c0c0 25488->25489 25492 43bad0 LdrInitializeThunk 25489->25492 25491 43c20b 25492->25491 25510 5d0000 25513 5d0006 25510->25513 25514 5d0015 25513->25514 25517 5d07a6 25514->25517 25518 5d07c1 25517->25518 25519 5d07ca CreateToolhelp32Snapshot 25518->25519 25520 5d07e6 Module32First 25518->25520 25519->25518 25519->25520 25521 5d0005 25520->25521 25522 5d07f5 25520->25522 25524 5d0465 25522->25524 25525 5d0490 25524->25525 25526 5d04d9 25525->25526 25527 5d04a1 VirtualAlloc 25525->25527 25526->25526 25527->25526 25493 40b14f 25495 40b162 25493->25495 25496 40b15b 25493->25496 25495->25496 25497 43ba70 25495->25497 25498 43ba88 25497->25498 25499 43baaa 25497->25499 25502 43bab0 25497->25502 25501 43ba9b RtlReAllocateHeap 25498->25501 25498->25502 25500 43a080 RtlAllocateHeap 25499->25500 25500->25502 25501->25502 25502->25495 25528 63003c 25529 630049 25528->25529 25543 630e0f SetErrorMode SetErrorMode 25529->25543 25534 630265 25535 6302ce VirtualProtect 25534->25535 25537 63030b 25535->25537 25536 630439 VirtualFree 25541 6305f4 LoadLibraryA 25536->25541 25542 6304be 25536->25542 25537->25536 25538 6304e3 LoadLibraryA 25538->25542 25540 6308c7 25541->25540 25542->25538 25542->25541 25544 630223 25543->25544 25545 630d90 25544->25545 25546 630dad 25545->25546 25547 630dbb GetPEB 25546->25547 25548 630238 VirtualAlloc 25546->25548 25547->25548 25548->25534

                                                                                                                                                                                  Executed Functions

                                                                                                                                                                                  Function 0040B14F Relevance: 15.5, Strings: 12, Instructions: 473COMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 0 40b14f-40b154 1 40b4e0-40b4ea 0->1 2 40b411-40b491 call 407ec0 0->2 3 40b162-40b38f 0->3 4 40b4f3-40b506 0->4 5 40b408-40b40c 0->5 6 40b498-40b4a2 0->6 7 40b4c9-40b4d9 0->7 8 40b15b-40b15d 0->8 1->4 2->1 2->4 2->6 2->7 16 40b5e0-40b5f4 2->16 17 40b640 2->17 18 40b7a6-40b7d2 2->18 19 40b746-40b74b 2->19 20 40b6c9-40b6d0 2->20 21 40b62c-40b635 2->21 22 40b6ee-40b700 2->22 23 40b72e-40b744 2->23 24 40b590-40b5a4 2->24 25 40b6b0-40b6c3 2->25 26 40b696 2->26 27 40b6d7-40b6e7 2->27 28 40b7d9-40b7df 2->28 29 40b779-40b790 call 43ba70 2->29 30 40b69c-40b6af 2->30 15 40b390-40b3e8 3->15 9 40b510-40b57c 4->9 10 40b7ff-40b80b 5->10 12 40b4c0-40b4c4 6->12 13 40b4a9-40b4be call 43d450 6->13 7->1 7->4 7->16 7->17 7->18 7->19 7->20 7->21 7->22 7->23 7->24 7->25 7->26 7->27 7->28 7->29 7->30 14 40b80e-40b815 8->14 9->9 46 40b57e-40b587 9->46 10->14 45 40b7f5-40b7f8 12->45 13->12 15->15 49 40b3ea-40b3f5 15->49 48 40b600-40b612 16->48 18->12 18->13 18->17 18->28 33 40b7e0 18->33 34 40b7e2 18->34 35 40b646-40b64d 18->35 36 40b707-40b729 call 43d450 18->36 37 40b68b 18->37 38 40b68d-40b691 18->38 39 40b670-40b685 call 43d450 18->39 40 40b752 18->40 41 40b654 18->41 42 40b65a-40b66f call 43d450 18->42 19->12 19->13 19->17 19->28 19->33 19->34 19->35 19->36 19->37 19->38 19->39 19->40 19->41 19->42 20->18 20->19 20->22 20->23 20->27 20->28 20->29 21->17 21->18 21->19 21->20 21->22 21->23 21->25 21->26 21->27 21->28 21->29 21->30 22->12 22->13 22->17 22->34 22->35 22->36 22->37 22->38 22->39 22->41 22->42 32 40b754-40b758 23->32 47 40b5b0-40b5c2 24->47 25->20 26->30 27->18 27->19 27->22 27->23 27->28 27->29 28->33 53 40b795-40b79f 29->53 30->25 65 40b75f-40b772 32->65 67 40b7e9 34->67 35->12 35->13 35->37 35->38 35->39 35->41 35->42 36->34 37->38 55 40b7ec 38->55 39->37 40->32 42->39 45->10 46->24 47->47 57 40b5c4-40b5d6 47->57 48->48 59 40b614-40b624 48->59 68 40b3f8-40b401 49->68 53->18 53->19 55->45 57->16 59->21 65->18 65->19 65->28 65->29 67->55 68->1 68->2 68->4 68->5 68->6 68->7 68->16 68->17 68->18 68->19 68->20 68->21 68->22 68->23 68->24 68->25 68->26 68->27 68->28 68->29 68->30
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 'H%N$.L~R$6\/b$7$9D,J$;lMr$BpAv$DxY~$EtEz$Kh;n$fPcV$gTuZ
                                                                                                                                                                                  • API String ID: 0-762781089
                                                                                                                                                                                  • Opcode ID: fdcd5b9e92bd8f6692000ddb8a0be7529f5384ae9a1058f92a839b8179818faa
                                                                                                                                                                                  • Instruction ID: ee9f2ec4dcae0e3d39e73061afe47dc12f7050c441b779a21ac5773305d4c7d9
                                                                                                                                                                                  • Opcode Fuzzy Hash: fdcd5b9e92bd8f6692000ddb8a0be7529f5384ae9a1058f92a839b8179818faa
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9202ACB9200B01DFD324CF25D891757BBE1FB8A701F14896CD5AA8B7A0CB75A846CF44
                                                                                                                                                                                  Function 00408720 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 235threadCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 164 408720-408731 call 43b340 167 408a15-408a17 ExitProcess 164->167 168 408737-40873e call 433fb0 164->168 171 408744-408768 GetCurrentProcessId GetCurrentThreadId 168->171 172 4089fe-408a05 168->172 175 40876a-40876c 171->175 176 40876e-408853 SHGetSpecialFolderPathW 171->176 173 408a10 call 43ba50 172->173 174 408a07-408a0d call 407ff0 172->174 173->167 174->173 175->176 177 408860-4088dd 176->177 177->177 180 4088df-40891f call 43a080 177->180 184 408920-40895b 180->184 185 408994-4089a9 GetForegroundWindow 184->185 186 40895d-408992 184->186 187 4089da-4089e8 call 409be0 185->187 188 4089ab-4089d8 185->188 186->184 190 4089ed-4089f2 187->190 188->187 190->172 191 4089f4-4089f9 call 40c900 call 40b820 190->191 191->172
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32 ref: 00408744
                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 0040874E
                                                                                                                                                                                  • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 00408808
                                                                                                                                                                                  • GetForegroundWindow.USER32 ref: 004089A1
                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00408A17
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CurrentProcess$ExitFolderForegroundPathSpecialThreadWindow
                                                                                                                                                                                  • String ID: *t
                                                                                                                                                                                  • API String ID: 4063528623-4279232255
                                                                                                                                                                                  • Opcode ID: 18fe486032edb0969c4fe46b9c72ea22f78cc782d11755b5447650c5aff50698
                                                                                                                                                                                  • Instruction ID: 59a09f4aa6f0f146742c4b312151e509a05fd4ea0b744ce26f1448cff0f88d73
                                                                                                                                                                                  • Opcode Fuzzy Hash: 18fe486032edb0969c4fe46b9c72ea22f78cc782d11755b5447650c5aff50698
                                                                                                                                                                                  • Instruction Fuzzy Hash: E57168B3E043144BC318EF69DC4135AB6C79BC0714F1F813EA984EB3A5DE799C02869A
                                                                                                                                                                                  Function 005D07A6 Relevance: 3.0, APIs: 2, Instructions: 41processCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 199 5d07a6-5d07bf 200 5d07c1-5d07c3 199->200 201 5d07ca-5d07d6 CreateToolhelp32Snapshot 200->201 202 5d07c5 200->202 203 5d07d8-5d07de 201->203 204 5d07e6-5d07f3 Module32First 201->204 202->201 203->204 209 5d07e0-5d07e4 203->209 205 5d07fc-5d0804 204->205 206 5d07f5-5d07f6 call 5d0465 204->206 210 5d07fb 206->210 209->200 209->204 210->205
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 005D07CE
                                                                                                                                                                                  • Module32First.KERNEL32(00000000,00000224), ref: 005D07EE
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595867373.00000000005D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005D0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_5d0000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CreateFirstModule32SnapshotToolhelp32
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3833638111-0
                                                                                                                                                                                  • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                                                  • Instruction ID: 8f7057d182d52e5d8d17b52e5d7d48d6a25eedb29cc32fc9efc818b3a6e7ca75
                                                                                                                                                                                  • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                                                  • Instruction Fuzzy Hash: 72F062315017116BD7303AB9988DBAF7AE8FF49765F10152BE642D51C0DA70F8454A61
                                                                                                                                                                                  Function 0043BAD0 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 233 43bad0-43bb02 LdrInitializeThunk
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • LdrInitializeThunk.NTDLL(0043EA7B,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 0043BAFE
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                  • Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                                                                                  • Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
                                                                                                                                                                                  • Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                                                                                  • Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82
                                                                                                                                                                                  Function 0043C59C Relevance: 1.3, Strings: 1, Instructions: 70COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                  • String ID: 9.
                                                                                                                                                                                  • API String ID: 2994545307-3220845746
                                                                                                                                                                                  • Opcode ID: 5024367527347479683bb054170e8ef7dc2cffefcb2d3e463b180e72e29f40bd
                                                                                                                                                                                  • Instruction ID: 6eaeed17bd0a61a2bdf4398491a9cff36e71a2c196544e54e2a45a99ade0a44b
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5024367527347479683bb054170e8ef7dc2cffefcb2d3e463b180e72e29f40bd
                                                                                                                                                                                  • Instruction Fuzzy Hash: 34110835A006248BDB148F24DC957BB77E1FB5A324F28BA2CD851B73E1D774AC058B48
                                                                                                                                                                                  Function 0043EEC0 Relevance: .1, Instructions: 141COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                  • Opcode ID: ec917f8421febea027f051b2950581d95fa3f007f75f0674d824b186050de03f
                                                                                                                                                                                  • Instruction ID: 043cc890cb6b2b30803d39af6b3c454268537f3fae5b00cf446519d023dfd00f
                                                                                                                                                                                  • Opcode Fuzzy Hash: ec917f8421febea027f051b2950581d95fa3f007f75f0674d824b186050de03f
                                                                                                                                                                                  • Instruction Fuzzy Hash: E7413975605304AFE3288F29DCC1B7BB3A6EB8D718F24552DE1C697291CAB4BC11C649
                                                                                                                                                                                  Function 0063003C Relevance: 12.8, APIs: 5, Strings: 2, Instructions: 515memoryCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 75 63003c-630047 76 630049 75->76 77 63004c-630263 call 630a3f call 630e0f call 630d90 VirtualAlloc 75->77 76->77 92 630265-630289 call 630a69 77->92 93 63028b-630292 77->93 97 6302ce-6303c2 VirtualProtect call 630cce call 630ce7 92->97 94 6302a1-6302b0 93->94 96 6302b2-6302cc 94->96 94->97 96->94 104 6303d1-6303e0 97->104 105 6303e2-630437 call 630ce7 104->105 106 630439-6304b8 VirtualFree 104->106 105->104 108 6305f4-6305fe 106->108 109 6304be-6304cd 106->109 111 630604-63060d 108->111 112 63077f-630789 108->112 110 6304d3-6304dd 109->110 110->108 116 6304e3-630505 LoadLibraryA 110->116 111->112 117 630613-630637 111->117 114 6307a6-6307b0 112->114 115 63078b-6307a3 112->115 119 6307b6-6307cb 114->119 120 63086e-6308be LoadLibraryA 114->120 115->114 121 630517-630520 116->121 122 630507-630515 116->122 123 63063e-630648 117->123 124 6307d2-6307d5 119->124 127 6308c7-6308f9 120->127 125 630526-630547 121->125 122->125 123->112 126 63064e-63065a 123->126 128 6307d7-6307e0 124->128 129 630824-630833 124->129 130 63054d-630550 125->130 126->112 131 630660-63066a 126->131 132 630902-63091d 127->132 133 6308fb-630901 127->133 134 6307e2 128->134 135 6307e4-630822 128->135 139 630839-63083c 129->139 136 6305e0-6305ef 130->136 137 630556-63056b 130->137 138 63067a-630689 131->138 133->132 134->129 135->124 136->110 140 63056f-63057a 137->140 141 63056d 137->141 142 630750-63077a 138->142 143 63068f-6306b2 138->143 139->120 144 63083e-630847 139->144 146 63059b-6305bb 140->146 147 63057c-630599 140->147 141->136 142->123 148 6306b4-6306ed 143->148 149 6306ef-6306fc 143->149 150 63084b-63086c 144->150 151 630849 144->151 158 6305bd-6305db 146->158 147->158 148->149 152 63074b 149->152 153 6306fe-630748 149->153 150->139 151->120 152->138 153->152 158->130
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0063024D
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                  • String ID: cess$kernel32.dll
                                                                                                                                                                                  • API String ID: 4275171209-1230238691
                                                                                                                                                                                  • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                                                                                                                                  • Instruction ID: 8f69342a498a25bf33f9362e99804d6d805f6cc08e10f7a952bbbdd345a8224a
                                                                                                                                                                                  • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                                                                                                                                  • Instruction Fuzzy Hash: AF527874A00229DFDB64CF58C995BA8BBB1BF09314F1480D9E90DAB351DB30AE89DF54
                                                                                                                                                                                  Function 00630E0F Relevance: 3.0, APIs: 2, Instructions: 15COMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 212 630e0f-630e24 SetErrorMode * 2 213 630e26 212->213 214 630e2b-630e2c 212->214 213->214
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • SetErrorMode.KERNELBASE(00000400,?,?,00630223,?,?), ref: 00630E19
                                                                                                                                                                                  • SetErrorMode.KERNELBASE(00000000,?,?,00630223,?,?), ref: 00630E1E
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorMode
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2340568224-0
                                                                                                                                                                                  • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                                                                                                                  • Instruction ID: 4b3f2dadeb50f47f9dffb3410bc12ca49dcb814039e7263dfb2ecc5297b295b0
                                                                                                                                                                                  • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9ED0123124512877D7003A94DC09BCD7B1CDF05B62F008411FB0DD9180C770994046E5
                                                                                                                                                                                  Function 0043BA70 Relevance: 1.5, APIs: 1, Instructions: 30memoryCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 215 43ba70-43ba81 216 43ba96-43baa8 call 43d0f0 RtlReAllocateHeap 215->216 217 43bab5-43babe call 43a0a0 215->217 218 43baaa-43bab3 call 43a080 215->218 219 43ba88-43ba8f 215->219 226 43bac0-43bac2 216->226 217->226 218->226 219->216 219->217
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • RtlReAllocateHeap.NTDLL(?,00000000,004377BF,00000000,00004000,00000000,004377BF,00000000,00004000), ref: 0043BAA2
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                                                                  • Opcode ID: f12a0d30cc2367c78ba08f1fd21fcf34805736e507490131006d9ced82152e8a
                                                                                                                                                                                  • Instruction ID: be575660327ce48efbff70f1a81ba6d67653373a4ecd42db05ccb867a55137c7
                                                                                                                                                                                  • Opcode Fuzzy Hash: f12a0d30cc2367c78ba08f1fd21fcf34805736e507490131006d9ced82152e8a
                                                                                                                                                                                  • Instruction Fuzzy Hash: CBE02B36418311BBC2152F347D05B173A78DFCA734F050836F40192111DB38E81281EF
                                                                                                                                                                                  Function 0043BC91 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 227 43bc91-43bcac GetForegroundWindow call 43da50 229 43bcb1-43bcd8 227->229
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetForegroundWindow.USER32 ref: 0043BCA2
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ForegroundWindow
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2020703349-0
                                                                                                                                                                                  • Opcode ID: de7ba2978205d3e5dac454b169e1469a028ee3eec04f5a814a46a1d3adc94483
                                                                                                                                                                                  • Instruction ID: 34fc1b220f50a438f75fecb060dcf8b9689bf8e5ef46e1e0de830b6ef63ced86
                                                                                                                                                                                  • Opcode Fuzzy Hash: de7ba2978205d3e5dac454b169e1469a028ee3eec04f5a814a46a1d3adc94483
                                                                                                                                                                                  • Instruction Fuzzy Hash: DBE04FB9E019459FCB48CF29FC504B977A2E759314704547DE503C7761DB389906CB08
                                                                                                                                                                                  Function 00409D14 Relevance: 1.5, APIs: 1, Instructions: 16networkCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 230 409d14-409d4a call 43d450 WSAStartup
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • WSAStartup.WS2_32(00000202), ref: 00409D2D
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Startup
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 724789610-0
                                                                                                                                                                                  • Opcode ID: 112ae928b6076224a194caab01e54303bba5699ad10f280d51aa3ba593721e56
                                                                                                                                                                                  • Instruction ID: e421cc4b815d9211bae57e581c20190f2641838792de2ebab469d000f4900200
                                                                                                                                                                                  • Opcode Fuzzy Hash: 112ae928b6076224a194caab01e54303bba5699ad10f280d51aa3ba593721e56
                                                                                                                                                                                  • Instruction Fuzzy Hash: E6D0A77E640142E7D304DF21FC6A9266209DB1660EB05503D6517C15A1DE206A21CD14
                                                                                                                                                                                  Function 0043A080 Relevance: 1.5, APIs: 1, Instructions: 9memoryCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 234 43a080-43a097 call 43d0f0 RtlAllocateHeap
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(?,00000000,?,7B1647F3,004088F3,10130D9D), ref: 0043A090
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                                                                  • Opcode ID: a826fa1a808b86476f320bed956aa5f891f97a687e97340bd9f451430216ea59
                                                                                                                                                                                  • Instruction ID: 837ad169f02d3a6e148c43055f209d62a0c8dee17724750e6d7a36a8bc783edc
                                                                                                                                                                                  • Opcode Fuzzy Hash: a826fa1a808b86476f320bed956aa5f891f97a687e97340bd9f451430216ea59
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2DC09B31445121ABC7142B15FC09FCA3F68EF45755F154095F00467071CB70AC92C6D9
                                                                                                                                                                                  Function 005D0465 Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 005D04B6
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595867373.00000000005D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005D0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_5d0000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                                                                  • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                                                                                                  • Instruction ID: ccfa1cfe33d73c1334aaa5c1283835bd04c12ce6c7c6da2598788cef51fc63e8
                                                                                                                                                                                  • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                                                                                                  • Instruction Fuzzy Hash: CA112A79A40208EFDB01DF98C985E98BFF5AB08351F058095FA489B362D371EA50DB80

                                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                                  Function 00435135 Relevance: 65.4, Strings: 52, Instructions: 388COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: $ $"$$$&$($($*$*$,$.$0$2$3$4$4$6$8$9$:$<$>$C$D$E$F$F$G$H$J$J$M$M$R$V$W$\$]$^$f$f$h$i$k$l$n$r$t$v$w$x${
                                                                                                                                                                                  • API String ID: 0-1337114936
                                                                                                                                                                                  • Opcode ID: 262e9fa08c1ece9c10d37a470494363b6b4ebfbfc371c4b3e3e2894f3ee5a7c2
                                                                                                                                                                                  • Instruction ID: 8eb925fe0dbe9d022c72cba9f5ead9b6b9c095334d337fa25f7bffdbccd9ce20
                                                                                                                                                                                  • Opcode Fuzzy Hash: 262e9fa08c1ece9c10d37a470494363b6b4ebfbfc371c4b3e3e2894f3ee5a7c2
                                                                                                                                                                                  • Instruction Fuzzy Hash: 5E2231219087E989DB32C67C8C187CDBEA15B27324F0843D9D1E96B3D2D7750B86CB66
                                                                                                                                                                                  Function 0066539C Relevance: 65.4, Strings: 52, Instructions: 388COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: $ $"$$$&$($($*$*$,$.$0$2$3$4$4$6$8$9$:$<$>$C$D$E$F$F$G$H$J$J$M$M$R$V$W$\$]$^$f$f$h$i$k$l$n$r$t$v$w$x${
                                                                                                                                                                                  • API String ID: 0-1337114936
                                                                                                                                                                                  • Opcode ID: ea39f1e0171bb3637fb68a33c7931e993caac80f3a1807f05d10e5493bc36cc0
                                                                                                                                                                                  • Instruction ID: deac7b4c23563f4e41c54d586af74d2dfc598d4a7bdb0d843c959371f7b51540
                                                                                                                                                                                  • Opcode Fuzzy Hash: ea39f1e0171bb3637fb68a33c7931e993caac80f3a1807f05d10e5493bc36cc0
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3F2230219087E98DDB32C67C8C487CDBEA15B27324F0843D9D1E96B2D2D7750B86CB66
                                                                                                                                                                                  Function 00431D10 Relevance: 40.4, APIs: 2, Strings: 21, Instructions: 163COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MetricsSystem
                                                                                                                                                                                  • String ID: $($C$5"C$O$C$O$C$O$C$O$C$O$C$O$C$O$C$O$C$O$C$O$C$O$C$O$C$O$C$O$C$O$C$O$C$_(C$i*C
                                                                                                                                                                                  • API String ID: 4116985748-3372999186
                                                                                                                                                                                  • Opcode ID: 8e9cdeb4bfab84274a9669cd475aa5743967b19e075009f034f97172db1c8e9c
                                                                                                                                                                                  • Instruction ID: 8d029f29b9a4e16f053ed14b1b3047fa4adeb45d898568eba0a28193ac899bff
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8e9cdeb4bfab84274a9669cd475aa5743967b19e075009f034f97172db1c8e9c
                                                                                                                                                                                  • Instruction Fuzzy Hash: EEA16BB041C7818BE770DF18C448B9BBBE0BBC6308F51892ED5989B651C7B99848CF87
                                                                                                                                                                                  Function 0043483C Relevance: 34.0, Strings: 27, Instructions: 298COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: )$0$0$1$2$3$8$:$<$<$>$>$?$O$]$_$`$b$b$d$f$f$h$j$l$n$t
                                                                                                                                                                                  • API String ID: 0-3467771618
                                                                                                                                                                                  • Opcode ID: ad0508bd0fd51b432f1ab8c71498a23fde0021e4199baa8bcd57ccfbb1eb804c
                                                                                                                                                                                  • Instruction ID: 9df4e6ac9b8b6361a7a3246566c4a2beafd077ae2e058e07da63641af44063fb
                                                                                                                                                                                  • Opcode Fuzzy Hash: ad0508bd0fd51b432f1ab8c71498a23fde0021e4199baa8bcd57ccfbb1eb804c
                                                                                                                                                                                  • Instruction Fuzzy Hash: 27E183219087E98EDB22C67C88443CDBFB15B57324F1843D9D4E86B3D2C7754A86CB66
                                                                                                                                                                                  Function 00664AA3 Relevance: 34.0, Strings: 27, Instructions: 298COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: )$0$0$1$2$3$8$:$<$<$>$>$?$O$]$_$`$b$b$d$f$f$h$j$l$n$t
                                                                                                                                                                                  • API String ID: 0-3467771618
                                                                                                                                                                                  • Opcode ID: bbbb60a039060832fea7f0a1962f43042a04b7d259d48bd36c817536089891a7
                                                                                                                                                                                  • Instruction ID: cec2f91385d9934a5219dc068b6e4bd58376fb958a648b962ac8f41292dfdfec
                                                                                                                                                                                  • Opcode Fuzzy Hash: bbbb60a039060832fea7f0a1962f43042a04b7d259d48bd36c817536089891a7
                                                                                                                                                                                  • Instruction Fuzzy Hash: F7E163219087E98EDB22C67C88443DDBFB26B53324F1843D9D4E86B3D2C7754A46CB66
                                                                                                                                                                                  Function 00436BF0 Relevance: 20.0, APIs: 10, Strings: 1, Instructions: 718memorycomCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CoCreateInstance.OLE32(0044168C,00000000,00000001,0044167C,00000000), ref: 00436E11
                                                                                                                                                                                  • SysAllocString.OLEAUT32(F5A3FBA8), ref: 00436EDA
                                                                                                                                                                                  • CoSetProxyBlanket.OLE32(D77F9D52,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00436F18
                                                                                                                                                                                  • SysAllocString.OLEAUT32(68DA6AD6), ref: 00436F6D
                                                                                                                                                                                  • SysAllocString.OLEAUT32(BD01C371), ref: 00437025
                                                                                                                                                                                  • VariantInit.OLEAUT32(F8FBFAF5), ref: 00437097
                                                                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 00437382
                                                                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 00437388
                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 00437399
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: String$AllocFree$BlanketCreateInitInstanceProxyVariant
                                                                                                                                                                                  • String ID: \
                                                                                                                                                                                  • API String ID: 2737081056-2967466578
                                                                                                                                                                                  • Opcode ID: 75a42a090690cbf01e55e82e48ecf76e61ca4ec783f0b790b218db4d75954228
                                                                                                                                                                                  • Instruction ID: 8756ce95e963843fa03f31509ff188bcb667b0217098414990354d88698b1c24
                                                                                                                                                                                  • Opcode Fuzzy Hash: 75a42a090690cbf01e55e82e48ecf76e61ca4ec783f0b790b218db4d75954228
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9132F1B1A483408FD724CF28C88076BBBE1EF99314F18892EE9D59B391D7789805CB56
                                                                                                                                                                                  Function 00666E57 Relevance: 16.5, APIs: 8, Strings: 1, Instructions: 718memorycomCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CoCreateInstance.COMBASE(0044168C,00000000,00000001,0044167C,00000000), ref: 00667078
                                                                                                                                                                                  • SysAllocString.OLEAUT32(F5A3FBA8), ref: 00667141
                                                                                                                                                                                  • CoSetProxyBlanket.COMBASE(D77F9D52,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 0066717F
                                                                                                                                                                                  • SysAllocString.OLEAUT32(68DA6AD6), ref: 006671D4
                                                                                                                                                                                  • SysAllocString.OLEAUT32(BD01C371), ref: 0066728C
                                                                                                                                                                                  • VariantInit.OLEAUT32(F8FBFAF5), ref: 006672FE
                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 00667600
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: String$Alloc$BlanketCreateFreeInitInstanceProxyVariant
                                                                                                                                                                                  • String ID: \
                                                                                                                                                                                  • API String ID: 2895375541-2967466578
                                                                                                                                                                                  • Opcode ID: e633b1edb0abaaa91c51916f6b4de4541011fbe2bf65ddbb0a63274da755d3b6
                                                                                                                                                                                  • Instruction ID: 00e9cb3506f49bbf3484384a511a2ca92bbafef621855a4d197520cdbee6a853
                                                                                                                                                                                  • Opcode Fuzzy Hash: e633b1edb0abaaa91c51916f6b4de4541011fbe2bf65ddbb0a63274da755d3b6
                                                                                                                                                                                  • Instruction Fuzzy Hash: EC321071A483408FD714CF28C894BABBBE2EFD5314F188A6DE5968B391D774D805CB92
                                                                                                                                                                                  Function 00423FF1 Relevance: 14.9, Strings: 11, Instructions: 1151COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: ?2$GZ$RQ$Um$XY$^_$`.`,$|*z($}{$~C$~x
                                                                                                                                                                                  • API String ID: 0-3286641888
                                                                                                                                                                                  • Opcode ID: 2d86252da6dcca5c70d622a662e215f1260247f899cb4a61d1ed2f8fa2b08e4b
                                                                                                                                                                                  • Instruction ID: 8905dcfdf89283d7057ea18a46458f0f65d17b19ac1614b2b51523b123e5834b
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2d86252da6dcca5c70d622a662e215f1260247f899cb4a61d1ed2f8fa2b08e4b
                                                                                                                                                                                  • Instruction Fuzzy Hash: 13A284B560C7918BC334CF24E8417AFBBF1FB95300F50892DE5D99B252E77499068B8A
                                                                                                                                                                                  Function 00410F71 Relevance: 14.5, Strings: 11, Instructions: 732COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: *$5$8$E$F$F$T$V$t$x$}
                                                                                                                                                                                  • API String ID: 0-2030276459
                                                                                                                                                                                  • Opcode ID: b324941a9b68c0dff1c7ebb2f5622cd9b52ee33eb3e2a51b2d7e86fa47adb09e
                                                                                                                                                                                  • Instruction ID: c65b7364bd064933e9a5b5e6974812a1585fbabcad75f28cb55a4b6cd1cf0c20
                                                                                                                                                                                  • Opcode Fuzzy Hash: b324941a9b68c0dff1c7ebb2f5622cd9b52ee33eb3e2a51b2d7e86fa47adb09e
                                                                                                                                                                                  • Instruction Fuzzy Hash: DE52A071A0D7908BD3249F38C4953AFBBE1AFC5314F188A2EE5D9D7392D67888418B47
                                                                                                                                                                                  Function 006411D8 Relevance: 14.5, Strings: 11, Instructions: 732COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: *$5$8$E$F$F$T$V$t$x$}
                                                                                                                                                                                  • API String ID: 0-2030276459
                                                                                                                                                                                  • Opcode ID: 54559b29754bddaefcc01b75491de4315de9a49dfd31031a4e645e47d4b0cf3b
                                                                                                                                                                                  • Instruction ID: 041ed8f54a160c50eecb74e64a0c1de2c9366e67a68413e84706c070e0cd1661
                                                                                                                                                                                  • Opcode Fuzzy Hash: 54559b29754bddaefcc01b75491de4315de9a49dfd31031a4e645e47d4b0cf3b
                                                                                                                                                                                  • Instruction Fuzzy Hash: C2527F7160C7908FD3649B38C4957AEBBE2ABC6314F198A2EE4D9C7381D6788941CB53
                                                                                                                                                                                  Function 00421550 Relevance: 14.2, Strings: 11, Instructions: 497COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                                                  • String ID: !@$,$P$R$U$[$\$\$d$e$k
                                                                                                                                                                                  • API String ID: 1279760036-3655135053
                                                                                                                                                                                  • Opcode ID: 1501ae22b669a856241982007be978b553d9fa2a8b1c7343ee6ca350152767b8
                                                                                                                                                                                  • Instruction ID: be15e7759762016a5ab56c065a3de713772b79a06d3db46e9c8f1ed0cd5b60f3
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1501ae22b669a856241982007be978b553d9fa2a8b1c7343ee6ca350152767b8
                                                                                                                                                                                  • Instruction Fuzzy Hash: BA22D07060C7A08FD324CF28D49036FBBE1ABA6314F54496EE4D5873A2D7B99845CB4B
                                                                                                                                                                                  Function 006517B7 Relevance: 14.2, Strings: 11, Instructions: 497COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: !@$,$P$R$U$[$\$\$d$e$k
                                                                                                                                                                                  • API String ID: 0-3655135053
                                                                                                                                                                                  • Opcode ID: 064e02782f7c13943fb5ef05a120aa3df57627369173b650a7ff99494ea3c8e1
                                                                                                                                                                                  • Instruction ID: 788dae87761220c5e8ae4b354bc4eadc1a8271d347b2cec50d333e11a52e0793
                                                                                                                                                                                  • Opcode Fuzzy Hash: 064e02782f7c13943fb5ef05a120aa3df57627369173b650a7ff99494ea3c8e1
                                                                                                                                                                                  • Instruction Fuzzy Hash: 71229F7150C7808FD3648F28C4917AEFBE2AF86314F144A6DE8D58B392D7B98849CB57
                                                                                                                                                                                  Function 00638987 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 235threadCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32 ref: 006389AB
                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 006389B5
                                                                                                                                                                                  • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 00638A6F
                                                                                                                                                                                  • GetForegroundWindow.USER32 ref: 00638C08
                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00638C7E
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CurrentProcess$ExitFolderForegroundPathSpecialThreadWindow
                                                                                                                                                                                  • String ID: *t
                                                                                                                                                                                  • API String ID: 4063528623-4279232255
                                                                                                                                                                                  • Opcode ID: a033853663f9aa72b3e3c2f5fa807d270979bfeb9c425b233734d9a17b92e25a
                                                                                                                                                                                  • Instruction ID: 6e0d2ef4ede4ae456dc88766f104c7c5cc45fd0f600889e0fce0c2430e8a2be9
                                                                                                                                                                                  • Opcode Fuzzy Hash: a033853663f9aa72b3e3c2f5fa807d270979bfeb9c425b233734d9a17b92e25a
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7D7155B3E403144FD318AF69DC8239AB6879BC0710F1F813EA885EB3A5DE758C0286D5
                                                                                                                                                                                  Function 0041E230 Relevance: 9.9, Strings: 7, Instructions: 1107COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: @Nxz$FEtp$WYRT$]^he$f$pKp^$vvFE
                                                                                                                                                                                  • API String ID: 0-4211064948
                                                                                                                                                                                  • Opcode ID: b641ae53c77c1c073bcf35c0ee0591ed40e6fd4b6c69f90461f1134301d80b0b
                                                                                                                                                                                  • Instruction ID: 75ff03aaaf392da3e29cffd334160510e8067c989b70b2d22972558c468cc543
                                                                                                                                                                                  • Opcode Fuzzy Hash: b641ae53c77c1c073bcf35c0ee0591ed40e6fd4b6c69f90461f1134301d80b0b
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3A726B7550C3418FC724CF29C85066FBBE1AFD5314F188A6EE8E58B382D638D946CB86
                                                                                                                                                                                  Function 0064E497 Relevance: 9.9, Strings: 7, Instructions: 1107COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: @Nxz$FEtp$WYRT$]^he$f$pKp^$vvFE
                                                                                                                                                                                  • API String ID: 0-4211064948
                                                                                                                                                                                  • Opcode ID: 0dca923615cbc050f68f4b51f90a07d30ab904ef0b05c6cb5b24a3072e389107
                                                                                                                                                                                  • Instruction ID: e176dce9975dbc650ccc604f10cdbb1c36d8616ac7c1a71f391dcdab93c7d5fa
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0dca923615cbc050f68f4b51f90a07d30ab904ef0b05c6cb5b24a3072e389107
                                                                                                                                                                                  • Instruction Fuzzy Hash: EA723B7160C3518FC725CF28C85066EBBE2BFD5314F198A6DE4E58B392D7368906CB92
                                                                                                                                                                                  Function 00415640 Relevance: 9.7, Strings: 7, Instructions: 943COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: >j%h$Fi$JHN]$UR$YU]&$s|}$wq
                                                                                                                                                                                  • API String ID: 0-2664314784
                                                                                                                                                                                  • Opcode ID: 1a1e2218d3a31356070c4d2de04ce1194e2a3808fe1c0d4043895ce6d498745d
                                                                                                                                                                                  • Instruction ID: 6413b6cc339066a55532578e80e6a8cd990dac4ee94ef104ad543d9b904f88e5
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1a1e2218d3a31356070c4d2de04ce1194e2a3808fe1c0d4043895ce6d498745d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2E5224B5908740CBD7249F29D8527EFB7E1EFD5314F188A2EE48987391EB389841CB46
                                                                                                                                                                                  Function 00411A94 Relevance: 9.3, Strings: 7, Instructions: 531COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: %$'$1$;$U$]$c
                                                                                                                                                                                  • API String ID: 0-3216539101
                                                                                                                                                                                  • Opcode ID: 7e869214f98568f52db87169b48c85e95a54f1fa86509b2585430c18c27dffd6
                                                                                                                                                                                  • Instruction ID: 8872672c431fe2ce152bce7d029f855a9058fa24074d906188b7479ea9d234e0
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7e869214f98568f52db87169b48c85e95a54f1fa86509b2585430c18c27dffd6
                                                                                                                                                                                  • Instruction Fuzzy Hash: C312C47160C7908BD724DB3884943EFBBE1AF85324F148A2EE5E9973D1DA7884858B47
                                                                                                                                                                                  Function 00641CFB Relevance: 9.3, Strings: 7, Instructions: 531COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: %$'$1$;$U$]$c
                                                                                                                                                                                  • API String ID: 0-3216539101
                                                                                                                                                                                  • Opcode ID: 02a5ef63514b01ad114f953342cc050e0ff4b5a2fcbf169303a6ec6d1bf9b821
                                                                                                                                                                                  • Instruction ID: 7fa3bd6ec0ca69497bdcf0039fcca425ce3238040caba2fed334a3fd03739b3d
                                                                                                                                                                                  • Opcode Fuzzy Hash: 02a5ef63514b01ad114f953342cc050e0ff4b5a2fcbf169303a6ec6d1bf9b821
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4712E37150C7918FC7649F38C4953EFBBE2AB95324F258A2EE5E9873C1DA348845CB42
                                                                                                                                                                                  Function 00431B10 Relevance: 9.2, APIs: 6, Instructions: 152clipboardCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2832541153-0
                                                                                                                                                                                  • Opcode ID: 5502842d010c68d0be0a87ba9bd2940b424877ada9b18a2ce83abf0bf6e0d2fd
                                                                                                                                                                                  • Instruction ID: 456b1e1cfcf1951664547b6acc2f3bc49ddc4e535775eb3306363a95376e0e20
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5502842d010c68d0be0a87ba9bd2940b424877ada9b18a2ce83abf0bf6e0d2fd
                                                                                                                                                                                  • Instruction Fuzzy Hash: E151E5B264C7818FC3009FBC888525EBAD1ABC9324F185B3EE5E5873E1D6788545C35B
                                                                                                                                                                                  Function 00661D77 Relevance: 9.2, APIs: 6, Instructions: 152clipboardCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2832541153-0
                                                                                                                                                                                  • Opcode ID: 71969f7298005d88d287ab413003f9ee1759dca764eaa11b8bc7bb266ad5d961
                                                                                                                                                                                  • Instruction ID: d6dfd58bf87baa162a9b9023831288a99391e38b3ee4f4f679830a3ca8b3a49d
                                                                                                                                                                                  • Opcode Fuzzy Hash: 71969f7298005d88d287ab413003f9ee1759dca764eaa11b8bc7bb266ad5d961
                                                                                                                                                                                  • Instruction Fuzzy Hash: A851E3B260CB418FC3049FBC988525EBAE29BC6324F084B3DE5E58B3E2D77485458797
                                                                                                                                                                                  Function 004226D3 Relevance: 8.3, Strings: 6, Instructions: 769COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 0$1{$20B$?<$r~$zw
                                                                                                                                                                                  • API String ID: 0-2679017340
                                                                                                                                                                                  • Opcode ID: 537bde9d46df3222387419aeb26fc1f4b43caef482393badc1e8c42bd9746955
                                                                                                                                                                                  • Instruction ID: d33c3c22aecb478376be31245472bd180fa71e6bbe94e4be3b838edfdb885b08
                                                                                                                                                                                  • Opcode Fuzzy Hash: 537bde9d46df3222387419aeb26fc1f4b43caef482393badc1e8c42bd9746955
                                                                                                                                                                                  • Instruction Fuzzy Hash: 004213756083519FD328CF24E89176BBBE1FBC6300F58896CE8D54B391DB789901CB86
                                                                                                                                                                                  Function 00409290 Relevance: 7.9, Strings: 6, Instructions: 429COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: C$CM$Egx|$RRP\$clfg$kj
                                                                                                                                                                                  • API String ID: 0-2969717086
                                                                                                                                                                                  • Opcode ID: 7205f9d9b45afb0796eec4366d0d469d1e374ff805331be11343e4905182765d
                                                                                                                                                                                  • Instruction ID: eb2cbb1bd96b13dc1e87fdd3b4d4e9aa1d89c7929d3179814df1281453766ee1
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7205f9d9b45afb0796eec4366d0d469d1e374ff805331be11343e4905182765d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 68C1257120C3908BD316CF3984A03ABBBE29FD7214F19896DE4E55B386D63D4D0ACB56
                                                                                                                                                                                  Function 006394F7 Relevance: 7.9, Strings: 6, Instructions: 429COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: C$CM$Egx|$RRP\$clfg$kj
                                                                                                                                                                                  • API String ID: 0-2969717086
                                                                                                                                                                                  • Opcode ID: 7205f9d9b45afb0796eec4366d0d469d1e374ff805331be11343e4905182765d
                                                                                                                                                                                  • Instruction ID: 5f5db9a397ea6c053461d66897da2c4e10b5ce7b138e193b189035be720d87c8
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7205f9d9b45afb0796eec4366d0d469d1e374ff805331be11343e4905182765d
                                                                                                                                                                                  • Instruction Fuzzy Hash: A7C12A7150C3908BD315CF3984A07ABBBE29FD3315F19896CE4E54F782D279490ACBA2
                                                                                                                                                                                  Function 00418095 Relevance: 7.6, Strings: 5, Instructions: 1319COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: '$K$Q230$d$(
                                                                                                                                                                                  • API String ID: 0-937174541
                                                                                                                                                                                  • Opcode ID: 8fc3f7fb01860a1426ce1fe04c009867176c1d8a5034ed4e2c4c8f49e413e202
                                                                                                                                                                                  • Instruction ID: 58f53d59709b9d842a8a43f359275e23c79d1d1439031bf9fc017cbfd7306527
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8fc3f7fb01860a1426ce1fe04c009867176c1d8a5034ed4e2c4c8f49e413e202
                                                                                                                                                                                  • Instruction Fuzzy Hash: 469278716083418BD724CF28C8917ABBBE2FFD6354F18896EE4C58B391EB388945C756
                                                                                                                                                                                  Function 004270F9 Relevance: 5.8, Strings: 4, Instructions: 802COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: p$=&2)$>.8$LL
                                                                                                                                                                                  • API String ID: 0-1181295447
                                                                                                                                                                                  • Opcode ID: 4fddbfc932205d6e83d2f1efe844499ab53cbb624e228ef249bc02ec27312283
                                                                                                                                                                                  • Instruction ID: a9efb95c3a65a41c153c0b80b56b8e44ba6b8275f2af5c925a7100185feb6827
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4fddbfc932205d6e83d2f1efe844499ab53cbb624e228ef249bc02ec27312283
                                                                                                                                                                                  • Instruction Fuzzy Hash: A14227B5E01621CFDB18CF28D85176EB7B2FF85310F18822ED455AB395DB38A812CB95
                                                                                                                                                                                  Function 0040C97C Relevance: 5.5, Strings: 4, Instructions: 533COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 1{$?<$r~$zw
                                                                                                                                                                                  • API String ID: 0-614760689
                                                                                                                                                                                  • Opcode ID: eb3c17a6683ec847e6b85be3c76d0ef9fc7d1f650e305b1e8f677bb00ee496f1
                                                                                                                                                                                  • Instruction ID: 8c0bbb06c053c804edf452d5fe8d2e96343bb599f6963af4fa887321ba18444d
                                                                                                                                                                                  • Opcode Fuzzy Hash: eb3c17a6683ec847e6b85be3c76d0ef9fc7d1f650e305b1e8f677bb00ee496f1
                                                                                                                                                                                  • Instruction Fuzzy Hash: D202B9B01093C28BD735CF24D4947EFBBE1EBD6344F188A6DC8D99B292C73845468B96
                                                                                                                                                                                  Function 0063CBE3 Relevance: 5.5, Strings: 4, Instructions: 533COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 1{$?<$r~$zw
                                                                                                                                                                                  • API String ID: 0-614760689
                                                                                                                                                                                  • Opcode ID: eb3c17a6683ec847e6b85be3c76d0ef9fc7d1f650e305b1e8f677bb00ee496f1
                                                                                                                                                                                  • Instruction ID: 78dd38ad9448fe86ba40573cc6f6922541d80ff7604763ed80b2b7f0cf99ac45
                                                                                                                                                                                  • Opcode Fuzzy Hash: eb3c17a6683ec847e6b85be3c76d0ef9fc7d1f650e305b1e8f677bb00ee496f1
                                                                                                                                                                                  • Instruction Fuzzy Hash: 870299B01093C18BD735CF24D494BEFBBE2ABD6348F188A6CD4D99B252C7384546CB96
                                                                                                                                                                                  Function 0064C467 Relevance: 5.5, Strings: 4, Instructions: 509COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: ./${x$g`a$|r
                                                                                                                                                                                  • API String ID: 0-1262855476
                                                                                                                                                                                  • Opcode ID: bd4b176f693474f89a41825065c2807bc69f290308139cc3b7168961be5415e4
                                                                                                                                                                                  • Instruction ID: b97e7874ab9b9d52ff2b9b0085ad726cec9982718b5dd92c55aa05eeea558dc9
                                                                                                                                                                                  • Opcode Fuzzy Hash: bd4b176f693474f89a41825065c2807bc69f290308139cc3b7168961be5415e4
                                                                                                                                                                                  • Instruction Fuzzy Hash: 73F127B7A5C3549BD308DF698C4225FFAE3EBD4314F19C92CE8D49B345DA3886048B86
                                                                                                                                                                                  Function 0041C205 Relevance: 5.5, Strings: 4, Instructions: 508COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: ./${x$g`a$|r
                                                                                                                                                                                  • API String ID: 0-1262855476
                                                                                                                                                                                  • Opcode ID: 491079faa4139b4023a68b06db4a560dc525a27ed591174cfb56c117e84bdf28
                                                                                                                                                                                  • Instruction ID: 0375d2c638a70b8ef1e7302ada8e5da81334ff9e30b2996ad5d3d5fc84c69c5c
                                                                                                                                                                                  • Opcode Fuzzy Hash: 491079faa4139b4023a68b06db4a560dc525a27ed591174cfb56c117e84bdf28
                                                                                                                                                                                  • Instruction Fuzzy Hash: CDF129B7A5C3105FD308DF6A9C4265FFAE2EBD4304F19C92DE8D49B345DA3886058B86
                                                                                                                                                                                  Function 004259B0 Relevance: 5.4, Strings: 4, Instructions: 408COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: !J$/V$U+$Y\
                                                                                                                                                                                  • API String ID: 0-2652480667
                                                                                                                                                                                  • Opcode ID: b8397365c0e139f95806e8eb7547f0180d38e52854cd99544924d0959d199104
                                                                                                                                                                                  • Instruction ID: e638dceca7007414c1790a2a48e061f39edb8c9276ca3b8e5075e95b8c8bbe4b
                                                                                                                                                                                  • Opcode Fuzzy Hash: b8397365c0e139f95806e8eb7547f0180d38e52854cd99544924d0959d199104
                                                                                                                                                                                  • Instruction Fuzzy Hash: 59E123B5608300DFE724DF25E88176BB7F1FB96304F84892DE1D54B262DB349815CB56
                                                                                                                                                                                  Function 0040AB20 Relevance: 5.4, Strings: 4, Instructions: 405COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: a|}r$nww$tefr$tefr
                                                                                                                                                                                  • API String ID: 0-1676423017
                                                                                                                                                                                  • Opcode ID: 2f6cb9c456839d7f2aa6693d3196c79ed8031bc83ef20ec99ac6c1b31c11c787
                                                                                                                                                                                  • Instruction ID: 970974a417f5ef7be21b240ce44141a3b9f4e48c2a444d2add3689cd360b193c
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2f6cb9c456839d7f2aa6693d3196c79ed8031bc83ef20ec99ac6c1b31c11c787
                                                                                                                                                                                  • Instruction Fuzzy Hash: BFC1F6B125C3514BC320EF2488512AFFBE3DBD1304F18896DE4D59F381E679881A8B9B
                                                                                                                                                                                  Function 0063AD87 Relevance: 5.4, Strings: 4, Instructions: 405COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: a|}r$nww$tefr$tefr
                                                                                                                                                                                  • API String ID: 0-1676423017
                                                                                                                                                                                  • Opcode ID: 2f6cb9c456839d7f2aa6693d3196c79ed8031bc83ef20ec99ac6c1b31c11c787
                                                                                                                                                                                  • Instruction ID: bc27dd23af04046a8064aef67788f43ae8e6db9bfc3d385125d1114e6aeb7c78
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2f6cb9c456839d7f2aa6693d3196c79ed8031bc83ef20ec99ac6c1b31c11c787
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4AC1F27124C3508BC324EF6488512AFFBE3EB92304F18996CE5D59F351E776890A8B86
                                                                                                                                                                                  Function 0042C894 Relevance: 5.3, Strings: 4, Instructions: 308COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 0$@$^TFW$d
                                                                                                                                                                                  • API String ID: 0-3517422908
                                                                                                                                                                                  • Opcode ID: 37f25ea6869bded6d623e990895bc7805b0ee94feffc2b6719acab69f49713cd
                                                                                                                                                                                  • Instruction ID: 5bd2b57a04c6c6cac2f535ba146a6f82be99d0a7104f65c521330fa3aa0df0c5
                                                                                                                                                                                  • Opcode Fuzzy Hash: 37f25ea6869bded6d623e990895bc7805b0ee94feffc2b6719acab69f49713cd
                                                                                                                                                                                  • Instruction Fuzzy Hash: DE712B7020C3A14BD318CF3A94A133FBFD1AFD6304FA8896EE4D68B391D6788545875A
                                                                                                                                                                                  Function 0065CAFB Relevance: 5.3, Strings: 4, Instructions: 308COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 0$@$^TFW$d
                                                                                                                                                                                  • API String ID: 0-3517422908
                                                                                                                                                                                  • Opcode ID: 37f25ea6869bded6d623e990895bc7805b0ee94feffc2b6719acab69f49713cd
                                                                                                                                                                                  • Instruction ID: 05fdd62a412f4fe953cf2e2f7094114258ab7d29f5b37dec29e54be5cec30388
                                                                                                                                                                                  • Opcode Fuzzy Hash: 37f25ea6869bded6d623e990895bc7805b0ee94feffc2b6719acab69f49713cd
                                                                                                                                                                                  • Instruction Fuzzy Hash: A871166020C3814FD3188F3984A177BBFE2AFD6315F28896DE8D6CB391D674854AC716
                                                                                                                                                                                  Function 004164E0 Relevance: 5.2, Strings: 4, Instructions: 238COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                  • String ID: gA$pv$tuz$L4
                                                                                                                                                                                  • API String ID: 2994545307-2651758537
                                                                                                                                                                                  • Opcode ID: ec58a7decc4c25214c4529c7cc2bc73d2353a58d0e39380fcfd8da805ea9798a
                                                                                                                                                                                  • Instruction ID: 747c4427f4217a0f6305aa87fb738b571a89fe0a76da4666c9f1fc0da58f07eb
                                                                                                                                                                                  • Opcode Fuzzy Hash: ec58a7decc4c25214c4529c7cc2bc73d2353a58d0e39380fcfd8da805ea9798a
                                                                                                                                                                                  • Instruction Fuzzy Hash: 778132366083118FDB208F24DC917AB73E2FFC5318F19883CD5898B295EB789886C756
                                                                                                                                                                                  Function 0040D35C Relevance: 5.1, APIs: 2, Strings: 1, Instructions: 625COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Uninitialize
                                                                                                                                                                                  • String ID: (P
                                                                                                                                                                                  • API String ID: 3861434553-2012212641
                                                                                                                                                                                  • Opcode ID: 806ca7b758aea85ba4256f5737dc198644c562e8fe769678b1b4da1df31b6c3a
                                                                                                                                                                                  • Instruction ID: 25c0ec8a4ed120f5396a3a8eb6bdccd7f9d1ac3417b5368b8856c91530714b40
                                                                                                                                                                                  • Opcode Fuzzy Hash: 806ca7b758aea85ba4256f5737dc198644c562e8fe769678b1b4da1df31b6c3a
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9522F37194D3C18AD335CF39D49079BBFE0AF96304F188AADC4D96B282D739450ACB96
                                                                                                                                                                                  Function 0063D5C3 Relevance: 5.1, APIs: 2, Strings: 1, Instructions: 625COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Uninitialize
                                                                                                                                                                                  • String ID: (P
                                                                                                                                                                                  • API String ID: 3861434553-2012212641
                                                                                                                                                                                  • Opcode ID: 806ca7b758aea85ba4256f5737dc198644c562e8fe769678b1b4da1df31b6c3a
                                                                                                                                                                                  • Instruction ID: c5b7d08ce9ce3d63f622f83424cdf74c2594e1cb7656d0e8dafb43069fa19709
                                                                                                                                                                                  • Opcode Fuzzy Hash: 806ca7b758aea85ba4256f5737dc198644c562e8fe769678b1b4da1df31b6c3a
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1B22EEB154D3C28AD331CF39D8907EABBE1AF96308F188AACD4D95B342C7754506CB96
                                                                                                                                                                                  Function 0043A800 Relevance: 4.4, Strings: 3, Instructions: 638COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                  • String ID: <Y?.$@Y?.$f
                                                                                                                                                                                  • API String ID: 2994545307-3750340189
                                                                                                                                                                                  • Opcode ID: b02bb918433bb0e8f8dbcadeda9288d51aaf88c93422d08f45d2352923007a11
                                                                                                                                                                                  • Instruction ID: c74426cb7d5c2b8464f7a726c278729e67e47e3ee492349ccfb6cdb994678fcd
                                                                                                                                                                                  • Opcode Fuzzy Hash: b02bb918433bb0e8f8dbcadeda9288d51aaf88c93422d08f45d2352923007a11
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2E2200716483418FD314CF28C890B2BFBE2BB89314F189A2DE5D597392D639EC158B5B
                                                                                                                                                                                  Function 00409710 Relevance: 4.1, Strings: 3, Instructions: 395COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: HVKG$p$v~
                                                                                                                                                                                  • API String ID: 0-1862922427
                                                                                                                                                                                  • Opcode ID: c867a20b50f44ccac4789e3bcd61e8bad27316830e28a6c3e9f53bb87e3906a3
                                                                                                                                                                                  • Instruction ID: 86a3a5660e107ae1260813c386389b95e5ffbd236bee62f340ce21bd1566c7c7
                                                                                                                                                                                  • Opcode Fuzzy Hash: c867a20b50f44ccac4789e3bcd61e8bad27316830e28a6c3e9f53bb87e3906a3
                                                                                                                                                                                  • Instruction Fuzzy Hash: ACB145B160C3408BE314CF69D8816ABBBE5EFD2314F14496DE1E18B392D778D90ACB56
                                                                                                                                                                                  Function 00639977 Relevance: 4.1, Strings: 3, Instructions: 395COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: HVKG$p$v~
                                                                                                                                                                                  • API String ID: 0-1862922427
                                                                                                                                                                                  • Opcode ID: 5838e84e17dff0059762aabdf9e5c890d144632ef5acc13da3c59ecf58ab7ccc
                                                                                                                                                                                  • Instruction ID: 6d3f6774beaf295c53f4b10c7b9992cf9c6e87196b4a18c864ec81e027cb24d7
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5838e84e17dff0059762aabdf9e5c890d144632ef5acc13da3c59ecf58ab7ccc
                                                                                                                                                                                  • Instruction Fuzzy Hash: E7B1287060C7804BD314CF69D881AABBBE6EFD2314F14496CE0E187391D778D50ACBA6
                                                                                                                                                                                  Function 0042BF45 Relevance: 4.1, Strings: 3, Instructions: 336COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: @a$L,2H$u
                                                                                                                                                                                  • API String ID: 0-2528062038
                                                                                                                                                                                  • Opcode ID: 19d08f9f7d7bed7b51ea453a9ddedc70aa30b931c2df07c4920a08e0e96f246b
                                                                                                                                                                                  • Instruction ID: 260f7405a81d4791661634af8caf9a7863cff9be19d6ba05b95630b53f05b8d3
                                                                                                                                                                                  • Opcode Fuzzy Hash: 19d08f9f7d7bed7b51ea453a9ddedc70aa30b931c2df07c4920a08e0e96f246b
                                                                                                                                                                                  • Instruction Fuzzy Hash: 5B91D37050C3D08FD729CF3994A07ABBBD1AFA7308F58499ED4C997282D7398506CB5A
                                                                                                                                                                                  Function 0065C1AC Relevance: 4.1, Strings: 3, Instructions: 336COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: @a$L,2H$u
                                                                                                                                                                                  • API String ID: 0-2528062038
                                                                                                                                                                                  • Opcode ID: bb5ee31c78ed639c1583b143499891809e1cbae71d980793a1c3aa9187c0ca3b
                                                                                                                                                                                  • Instruction ID: 3a434eb42ee82eece16b920e7a9f92768470285bcaa5bfa19780865d4fb6832c
                                                                                                                                                                                  • Opcode Fuzzy Hash: bb5ee31c78ed639c1583b143499891809e1cbae71d980793a1c3aa9187c0ca3b
                                                                                                                                                                                  • Instruction Fuzzy Hash: D291CF7050C3C08FD7298F3984607EBBBE2AFA7315F1859ADE4D997282D735810ACB16
                                                                                                                                                                                  Function 0042C984 Relevance: 4.1, Strings: 3, Instructions: 301COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: @$^TFW$d
                                                                                                                                                                                  • API String ID: 0-3772873652
                                                                                                                                                                                  • Opcode ID: e77948e8393a9cc7bdcb460bf7634ff0d9ab7fe049b435dd13a9d95e45e3b21a
                                                                                                                                                                                  • Instruction ID: 2799912a11167947c30dacb984bff5d50de61b2a63b57257e2670e2a4959d2e1
                                                                                                                                                                                  • Opcode Fuzzy Hash: e77948e8393a9cc7bdcb460bf7634ff0d9ab7fe049b435dd13a9d95e45e3b21a
                                                                                                                                                                                  • Instruction Fuzzy Hash: 66711A7020C3A14BD318CF3A94A133FBFD19FD6344FA8896EE4D68B391D67885458B5A
                                                                                                                                                                                  Function 0065CBEB Relevance: 4.1, Strings: 3, Instructions: 301COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: @$^TFW$d
                                                                                                                                                                                  • API String ID: 0-3772873652
                                                                                                                                                                                  • Opcode ID: e77948e8393a9cc7bdcb460bf7634ff0d9ab7fe049b435dd13a9d95e45e3b21a
                                                                                                                                                                                  • Instruction ID: e56ab9d7182a8322fae9819fa48ab6f9920eb0205c991fb3852d50d841058a1f
                                                                                                                                                                                  • Opcode Fuzzy Hash: e77948e8393a9cc7bdcb460bf7634ff0d9ab7fe049b435dd13a9d95e45e3b21a
                                                                                                                                                                                  • Instruction Fuzzy Hash: BD71156020C3914FD3188F3984A177BBFE29FD6316F28896DE8D6CB391D674854AC716
                                                                                                                                                                                  Function 0042C9E9 Relevance: 4.0, Strings: 3, Instructions: 300COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: @$^TFW$d
                                                                                                                                                                                  • API String ID: 0-3772873652
                                                                                                                                                                                  • Opcode ID: 428764b825e4b8ba2b7fca742bfc1c8c513ef9c8b7cb12bd82b87945db3e714d
                                                                                                                                                                                  • Instruction ID: 458834963df5767a90244649d61e24c3552d5e0eb6c30586b80692c9ea77be3c
                                                                                                                                                                                  • Opcode Fuzzy Hash: 428764b825e4b8ba2b7fca742bfc1c8c513ef9c8b7cb12bd82b87945db3e714d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0071197020C3914BD318CF3A94A133FBFD19FD6344FA8896EE4D68B391D67885458B5A
                                                                                                                                                                                  Function 0065CC50 Relevance: 4.0, Strings: 3, Instructions: 300COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: @$^TFW$d
                                                                                                                                                                                  • API String ID: 0-3772873652
                                                                                                                                                                                  • Opcode ID: 428764b825e4b8ba2b7fca742bfc1c8c513ef9c8b7cb12bd82b87945db3e714d
                                                                                                                                                                                  • Instruction ID: 372a18eb87bc5ef88b3b09a41c7ab007ef812c638cd9c62e22e63507b0c0a453
                                                                                                                                                                                  • Opcode Fuzzy Hash: 428764b825e4b8ba2b7fca742bfc1c8c513ef9c8b7cb12bd82b87945db3e714d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8371F36120C3814FD3188F3984A177BBFE2AF96315F28896DE8D6CB391D674854AC716
                                                                                                                                                                                  Function 0042C9DA Relevance: 4.0, Strings: 3, Instructions: 274COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: @$^TFW$d
                                                                                                                                                                                  • API String ID: 0-3772873652
                                                                                                                                                                                  • Opcode ID: 3f31c8060202d205d8d56ef81dab902602b2f34c72238eee859b47f9e4bd7e14
                                                                                                                                                                                  • Instruction ID: 7127210c2118b4699990a0b47df2bedd54d271212ffcb081a94f2e7bc78a3b0a
                                                                                                                                                                                  • Opcode Fuzzy Hash: 3f31c8060202d205d8d56ef81dab902602b2f34c72238eee859b47f9e4bd7e14
                                                                                                                                                                                  • Instruction Fuzzy Hash: A1613C6020C3914BD318CF3A94A133BFFD19FE7344F98896EE4D68B391D67885068B5A
                                                                                                                                                                                  Function 0065CC41 Relevance: 4.0, Strings: 3, Instructions: 274COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: @$^TFW$d
                                                                                                                                                                                  • API String ID: 0-3772873652
                                                                                                                                                                                  • Opcode ID: 3f31c8060202d205d8d56ef81dab902602b2f34c72238eee859b47f9e4bd7e14
                                                                                                                                                                                  • Instruction ID: 270fd76560e7c7e35d42136a5ddea846e2296840a6049c72a45be0226589cbeb
                                                                                                                                                                                  • Opcode Fuzzy Hash: 3f31c8060202d205d8d56ef81dab902602b2f34c72238eee859b47f9e4bd7e14
                                                                                                                                                                                  • Instruction Fuzzy Hash: C161F4A110C3D14FD3188F3984A177BBFE29FE6315F18896DE8D68B391D674850ACB16
                                                                                                                                                                                  Function 00425640 Relevance: 4.0, Strings: 3, Instructions: 267COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: )G$AF$O6E4
                                                                                                                                                                                  • API String ID: 0-708911115
                                                                                                                                                                                  • Opcode ID: 8ec6d81a368636483f53a5262d03c7df6d3968ac354951764ba2c7921f2d5c37
                                                                                                                                                                                  • Instruction ID: c55681b2715288006430d106a57293865745791a1d902fd5570dc7bec3a9a52a
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8ec6d81a368636483f53a5262d03c7df6d3968ac354951764ba2c7921f2d5c37
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6A8178B1A083608BC7149F14D89136BBBE2FFD1314F59892DE4CA8B391EB798905C786
                                                                                                                                                                                  Function 006558A7 Relevance: 4.0, Strings: 3, Instructions: 267COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: )G$AF$O6E4
                                                                                                                                                                                  • API String ID: 0-708911115
                                                                                                                                                                                  • Opcode ID: b2dad97bd91f2edf308de5a698e88a184bc02c43f5262462ae3d1c37b7487346
                                                                                                                                                                                  • Instruction ID: 5af36eff2f637b746ac44ed578fe035f089eb8b69b1040d760e72f664f822c3c
                                                                                                                                                                                  • Opcode Fuzzy Hash: b2dad97bd91f2edf308de5a698e88a184bc02c43f5262462ae3d1c37b7487346
                                                                                                                                                                                  • Instruction Fuzzy Hash: 34815A715087508BD7149F14C8A57AFB7E2FFD1314F198A1CE8CA8B391EB798909CB82
                                                                                                                                                                                  Function 0041720B Relevance: 3.4, Strings: 2, Instructions: 890COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                  • String ID: !$1
                                                                                                                                                                                  • API String ID: 2994545307-1727534169
                                                                                                                                                                                  • Opcode ID: f3528607a1df3ae9fc8c7c390aaea7290184b5fcc8fb10bbb2585e9925cedb63
                                                                                                                                                                                  • Instruction ID: 18e54f202c1cd8f8496f1e16bfd62ccc5ce9293f6dd7f49c90947e8211889b76
                                                                                                                                                                                  • Opcode Fuzzy Hash: f3528607a1df3ae9fc8c7c390aaea7290184b5fcc8fb10bbb2585e9925cedb63
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3222547460C3418FD7258F24D8917BBBBE2FB9A314F18497DD4C687262D7388846CB5A
                                                                                                                                                                                  Function 00404C50 Relevance: 3.3, Strings: 2, Instructions: 812COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 0$8
                                                                                                                                                                                  • API String ID: 0-46163386
                                                                                                                                                                                  • Opcode ID: dc4de2eb1e44b5e2cf86a67ac75c8d950927b4c6011d6d09ff4b7ac02142281e
                                                                                                                                                                                  • Instruction ID: 1fc89dd6e90a0f1147a85cd4bb1c6455aebfc4c2f410c49194e28cbf86ba14e4
                                                                                                                                                                                  • Opcode Fuzzy Hash: dc4de2eb1e44b5e2cf86a67ac75c8d950927b4c6011d6d09ff4b7ac02142281e
                                                                                                                                                                                  • Instruction Fuzzy Hash: 807224B15083419FD714CF18C980BABBBE1EF88314F44892EF9899B391D379D958CB96
                                                                                                                                                                                  Function 00634EB7 Relevance: 3.3, Strings: 2, Instructions: 812COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 0$8
                                                                                                                                                                                  • API String ID: 0-46163386
                                                                                                                                                                                  • Opcode ID: dc4de2eb1e44b5e2cf86a67ac75c8d950927b4c6011d6d09ff4b7ac02142281e
                                                                                                                                                                                  • Instruction ID: 03a02f59b032cef974534a9c6bfd74fcfb7edd80e6fb45734d9ad3e456fde815
                                                                                                                                                                                  • Opcode Fuzzy Hash: dc4de2eb1e44b5e2cf86a67ac75c8d950927b4c6011d6d09ff4b7ac02142281e
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3F7246716087409FD714CF18C890BABBBE2BF88314F44892DF99A8B391D775D958CB92
                                                                                                                                                                                  Function 0041F700 Relevance: 3.1, Strings: 2, Instructions: 589COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 2B$fB
                                                                                                                                                                                  • API String ID: 0-2377524714
                                                                                                                                                                                  • Opcode ID: 2bd47799eb57059bfe57c26463fa04caf668ca9dba0e1477c355565c8a3a22bb
                                                                                                                                                                                  • Instruction ID: 1fa69899fd02d1537a71c33de8ce26029d70685963f06edf95829aa842cc7e85
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2bd47799eb57059bfe57c26463fa04caf668ca9dba0e1477c355565c8a3a22bb
                                                                                                                                                                                  • Instruction Fuzzy Hash: E5526BB0619B818ED325CB3C8815797BFD5AB5A324F084A5DE0EF873D2C7756005CB6A
                                                                                                                                                                                  Function 0041CC60 Relevance: 3.0, Strings: 2, Instructions: 493COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 06i`$46i`
                                                                                                                                                                                  • API String ID: 0-253969996
                                                                                                                                                                                  • Opcode ID: 950d7402485480fe5043ae326df5e941a9b7dffefcdfff4a21107514e64b3dfe
                                                                                                                                                                                  • Instruction ID: f2447ed329897e406d807fa8b6de1cfbf394bef9ae46c609ed5e471a74be3ede
                                                                                                                                                                                  • Opcode Fuzzy Hash: 950d7402485480fe5043ae326df5e941a9b7dffefcdfff4a21107514e64b3dfe
                                                                                                                                                                                  • Instruction Fuzzy Hash: 78D13776A543118BC724CF28CC913ABB7E2EFD5310F088A2DE8D58B394EB789945C785
                                                                                                                                                                                  Function 0064CEC7 Relevance: 3.0, Strings: 2, Instructions: 493COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 06i`$46i`
                                                                                                                                                                                  • API String ID: 0-253969996
                                                                                                                                                                                  • Opcode ID: 950d7402485480fe5043ae326df5e941a9b7dffefcdfff4a21107514e64b3dfe
                                                                                                                                                                                  • Instruction ID: 701166e6c967cfbea36963c9341927587b5391c57c86253989af1d582a3332a3
                                                                                                                                                                                  • Opcode Fuzzy Hash: 950d7402485480fe5043ae326df5e941a9b7dffefcdfff4a21107514e64b3dfe
                                                                                                                                                                                  • Instruction Fuzzy Hash: CAD12476A143118BC724CF29CC517ABB7F2EFD5310F098A2CE8959B394EB789905C792
                                                                                                                                                                                  Function 004380C5 Relevance: 2.9, Strings: 2, Instructions: 443COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: :$NO
                                                                                                                                                                                  • API String ID: 0-151983983
                                                                                                                                                                                  • Opcode ID: 8d0e59f60cdeb03bba48d62f09c68d2bb20dd72e2c7a8d4f82268cffeb7d5af3
                                                                                                                                                                                  • Instruction ID: 749fe1c1378150d0e6c36aa5c4e1071c40e05aa18a57c964ea53cb0ae76f5c4c
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8d0e59f60cdeb03bba48d62f09c68d2bb20dd72e2c7a8d4f82268cffeb7d5af3
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2FD1D13A228352CBC7189F78DC1126AB3F2FF8A351F1A887DD441872A0EB79C9518755
                                                                                                                                                                                  Function 0043E540 Relevance: 2.8, Strings: 2, Instructions: 341COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                  • String ID: lohi${rsp
                                                                                                                                                                                  • API String ID: 2994545307-2839643115
                                                                                                                                                                                  • Opcode ID: 6ec3607c3bd595e72fcd5a791c8a12400a05bb86aee2312962de8da7c6d16192
                                                                                                                                                                                  • Instruction ID: 5b76c8727ccef7414aecfef7b33877a78db64725eda3fd43702f7eb68cb207ed
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6ec3607c3bd595e72fcd5a791c8a12400a05bb86aee2312962de8da7c6d16192
                                                                                                                                                                                  • Instruction Fuzzy Hash: 92914971A093444FD324DF25D88066BB7D2EBD9318F19D83DE49687391DA34DC05CB96
                                                                                                                                                                                  Function 0066E7A7 Relevance: 2.8, Strings: 2, Instructions: 341COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: lohi${rsp
                                                                                                                                                                                  • API String ID: 0-2839643115
                                                                                                                                                                                  • Opcode ID: a3250ad80699956cd847d09705c882b15188470c3c4633290d32ebebb13826ff
                                                                                                                                                                                  • Instruction ID: f0feea73ceaec798f29691d456066c21b871754abfa9e780a8f8ad9259f4828a
                                                                                                                                                                                  • Opcode Fuzzy Hash: a3250ad80699956cd847d09705c882b15188470c3c4633290d32ebebb13826ff
                                                                                                                                                                                  • Instruction Fuzzy Hash: BA9117756087448FD324DA68D880AABB7E3AFD5314F19C93CE49687791DA32EC05CB92
                                                                                                                                                                                  Function 00648783 Relevance: 2.8, Strings: 2, Instructions: 335COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: S<=2$d
                                                                                                                                                                                  • API String ID: 0-3247495960
                                                                                                                                                                                  • Opcode ID: 5d44fbd4020327f76e22b736ed821a1386312ea74f9885b916572f488ddec4a3
                                                                                                                                                                                  • Instruction ID: f201fb067edda76e07cc6defc04cfc9b70adff210a34e9beec12ab21fbca5727
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5d44fbd4020327f76e22b736ed821a1386312ea74f9885b916572f488ddec4a3
                                                                                                                                                                                  • Instruction Fuzzy Hash: FC91C172A183218FC7248F29C4916AFB7E2EFC9754F19892DE9C59B360EB748C41C746
                                                                                                                                                                                  Function 00404310 Relevance: 2.8, Strings: 2, Instructions: 329COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: )$IEND
                                                                                                                                                                                  • API String ID: 0-707183367
                                                                                                                                                                                  • Opcode ID: 3ba4838ff5781408996869a26714bf409f97930bdc58b89186f84e971a8366e7
                                                                                                                                                                                  • Instruction ID: c8d65ec8e40953531d2d150cf49ee4dd51e34d455e4b94258e1fa90b8d2baf04
                                                                                                                                                                                  • Opcode Fuzzy Hash: 3ba4838ff5781408996869a26714bf409f97930bdc58b89186f84e971a8366e7
                                                                                                                                                                                  • Instruction Fuzzy Hash: FFD1DFB1A083449FD710CF14D84175BBBE0AF94308F14492EFA99AB3C2D779E918CB96
                                                                                                                                                                                  Function 00634577 Relevance: 2.8, Strings: 2, Instructions: 329COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: )$IEND
                                                                                                                                                                                  • API String ID: 0-707183367
                                                                                                                                                                                  • Opcode ID: ef0f34d132798424f401911650e294954195f9754a0d2aba1af426546c6adb8f
                                                                                                                                                                                  • Instruction ID: 90712e69885701e4eb8df1977b60582d865f44f21e6e3a55a68faab7689eba24
                                                                                                                                                                                  • Opcode Fuzzy Hash: ef0f34d132798424f401911650e294954195f9754a0d2aba1af426546c6adb8f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2AD1ADB19083449FD720CF14C881B9BBBE5AF95304F14492DF9999B381DB75E908CBD6
                                                                                                                                                                                  Function 00417B75 Relevance: 2.8, Strings: 2, Instructions: 325COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: "#$s}
                                                                                                                                                                                  • API String ID: 0-1697270657
                                                                                                                                                                                  • Opcode ID: 45cfa7331b57ae469e5dbd14d1e1d31ca626db9ec5a4d62cfea769959ddc84a6
                                                                                                                                                                                  • Instruction ID: 0dbb09ab5b5bf6ab37829dbd45b3bfcd0eaf4dfb8ca3d5501beb73d06a5c4912
                                                                                                                                                                                  • Opcode Fuzzy Hash: 45cfa7331b57ae469e5dbd14d1e1d31ca626db9ec5a4d62cfea769959ddc84a6
                                                                                                                                                                                  • Instruction Fuzzy Hash: 14B185B41083818BD7748F28C4917EBBBF1EF96314F14492DE4CA8B391EB398945CB96
                                                                                                                                                                                  Function 0042C289 Relevance: 2.8, Strings: 2, Instructions: 309COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: @a$u
                                                                                                                                                                                  • API String ID: 0-583156259
                                                                                                                                                                                  • Opcode ID: d3dcd12708497a123305e223026c5427f1c8ff29cf19f116bf7101b30c51974c
                                                                                                                                                                                  • Instruction ID: fbcac5f05e551be09428fe54d577bd2475c49f62c0f93ee7e958261cddcd3d67
                                                                                                                                                                                  • Opcode Fuzzy Hash: d3dcd12708497a123305e223026c5427f1c8ff29cf19f116bf7101b30c51974c
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4E81147050C3D08BD329CF3994A07ABBBD1AF97304F5849AED4C997382DB798506CB5A
                                                                                                                                                                                  Function 0065C4F0 Relevance: 2.8, Strings: 2, Instructions: 309COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: @a$u
                                                                                                                                                                                  • API String ID: 0-583156259
                                                                                                                                                                                  • Opcode ID: 3129e3b7bb62805f1c8da881b8cdffdad1e39977844b090990bba48b8bd6c357
                                                                                                                                                                                  • Instruction ID: 9116b61080d1873bd7a20669869645388bcb8758366fe2acff25f4b7b7c2352c
                                                                                                                                                                                  • Opcode Fuzzy Hash: 3129e3b7bb62805f1c8da881b8cdffdad1e39977844b090990bba48b8bd6c357
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1B81AF7050C3C18FD7698F3584607ABBBE2AFA6315F1849ADE4C997282DB35850ACB16
                                                                                                                                                                                  Function 0041683F Relevance: 2.8, Strings: 2, Instructions: 289COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 7$gfff
                                                                                                                                                                                  • API String ID: 0-3777064726
                                                                                                                                                                                  • Opcode ID: 8c9bfecfa286392722ed53eecbcf6ac23db8b158cc9445d45dbf1766dcd62174
                                                                                                                                                                                  • Instruction ID: 3d4b2e6924b92d89dba50eba7aad9bacc7ff41330381467a61717d0145ebbdf0
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8c9bfecfa286392722ed53eecbcf6ac23db8b158cc9445d45dbf1766dcd62174
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3B918877A142104FD718CB28CC527AB77E2ABC5328F1AC63ED495DB385EA7CD8068785
                                                                                                                                                                                  Function 00646AA6 Relevance: 2.8, Strings: 2, Instructions: 289COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 7$gfff
                                                                                                                                                                                  • API String ID: 0-3777064726
                                                                                                                                                                                  • Opcode ID: 0ffdb42d78c4c58d7fa8c062848f6ad05f867710567016b2c76d0dcc3bda7030
                                                                                                                                                                                  • Instruction ID: 9a62dd6b1acf0edaebfefb4820a9d252c242f2efd20c6c1288bc6310c4087cac
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0ffdb42d78c4c58d7fa8c062848f6ad05f867710567016b2c76d0dcc3bda7030
                                                                                                                                                                                  • Instruction Fuzzy Hash: 88916AB3A146114FD718CB28CC527AB77D3EBC5324F19C63DE895DB385EA7898068782
                                                                                                                                                                                  Function 0041AD81 Relevance: 2.8, Strings: 2, Instructions: 279COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: CM$x3,-
                                                                                                                                                                                  • API String ID: 0-963954796
                                                                                                                                                                                  • Opcode ID: c7ec97056ef5d7451396091adfbb21196398647091a03233de05f2bd3cc66c9f
                                                                                                                                                                                  • Instruction ID: 60a2503823a4bd7a06fd63a5a117870e708642e8d87b92e168cd7b561aa8ac81
                                                                                                                                                                                  • Opcode Fuzzy Hash: c7ec97056ef5d7451396091adfbb21196398647091a03233de05f2bd3cc66c9f
                                                                                                                                                                                  • Instruction Fuzzy Hash: E8917EB4911B009FC7249F29C992657BFF0FF0A310B448A5EE4D68BB95D334E41ACB96
                                                                                                                                                                                  Function 0064AFE8 Relevance: 2.8, Strings: 2, Instructions: 279COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: CM$x3,-
                                                                                                                                                                                  • API String ID: 0-963954796
                                                                                                                                                                                  • Opcode ID: 4de653d71386804ff8eefce6173c6268b1ee3d72daab71427b5753f354fada18
                                                                                                                                                                                  • Instruction ID: 3c19955afb8eb5b2914ca41a474238669313bbf03219588305458079dbec8342
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4de653d71386804ff8eefce6173c6268b1ee3d72daab71427b5753f354fada18
                                                                                                                                                                                  • Instruction Fuzzy Hash: 339170B4910B009FC7249F39C992666BFF1FF0A310B449A5DE8D68BB91D330E406CB96
                                                                                                                                                                                  Function 0041D172 Relevance: 2.7, Strings: 2, Instructions: 241COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: [U$_8Y
                                                                                                                                                                                  • API String ID: 0-1769107113
                                                                                                                                                                                  • Opcode ID: 2de7e5a8a420d7dd93a59f68573543f01e92f0f538d171cd9344b6dd381d8216
                                                                                                                                                                                  • Instruction ID: dbbf278c2bacecff999c145e9aaa370764f689556e24d9aac89d4aa807a88380
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2de7e5a8a420d7dd93a59f68573543f01e92f0f538d171cd9344b6dd381d8216
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7B6121B4A4C3608BD700DF24D8526ABB7F1EF92304F18896DE8C49B391E739D946C75A
                                                                                                                                                                                  Function 0041D189 Relevance: 2.7, Strings: 2, Instructions: 235COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: [U$_8Y
                                                                                                                                                                                  • API String ID: 0-1769107113
                                                                                                                                                                                  • Opcode ID: ca1f04ffdd9432a76503c3722e4270e3a79fa3bc8024ed315014797cf7c4e397
                                                                                                                                                                                  • Instruction ID: 745f7f357dcc798e0013ac37dd40356403c72cfde69a1ac2245775e34d3d9e00
                                                                                                                                                                                  • Opcode Fuzzy Hash: ca1f04ffdd9432a76503c3722e4270e3a79fa3bc8024ed315014797cf7c4e397
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1F5122B4A4C3208BD700DF24D8526ABB7F1EF92304F18896DE8949B391E739D946C75A
                                                                                                                                                                                  Function 0064D3FF Relevance: 2.7, Strings: 2, Instructions: 216COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: [U$_8Y
                                                                                                                                                                                  • API String ID: 0-1769107113
                                                                                                                                                                                  • Opcode ID: 597d8c6b4f52e3706818ec3a7eaeb64713eab8564aa5541b7d7cd49197d35a02
                                                                                                                                                                                  • Instruction ID: 6804c5d96c733d929e96d2f05991c234851ccfaebbc59d29661f0bec08f33924
                                                                                                                                                                                  • Opcode Fuzzy Hash: 597d8c6b4f52e3706818ec3a7eaeb64713eab8564aa5541b7d7cd49197d35a02
                                                                                                                                                                                  • Instruction Fuzzy Hash: AF51D17094C3508BD714DF24C851AABB7F2EFA2318F18995CE8C09B394E739D905C756
                                                                                                                                                                                  Function 0040F2A0 Relevance: 2.7, Strings: 2, Instructions: 201COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: J$]
                                                                                                                                                                                  • API String ID: 0-1719541227
                                                                                                                                                                                  • Opcode ID: 9a5cb20b35358285f9106b57737df75f46960ac4212b54fcc403659a9b7504ab
                                                                                                                                                                                  • Instruction ID: c2a547b3e3257e2a60a3162dbe37f6b0d8c9c12c73f40702746b0eb0c0ebfcb1
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9a5cb20b35358285f9106b57737df75f46960ac4212b54fcc403659a9b7504ab
                                                                                                                                                                                  • Instruction Fuzzy Hash: 78610733A1C7908BD3248A79888129FBBD29BD6324F194A3FE8E4D73D1D57C88068746
                                                                                                                                                                                  Function 0063F507 Relevance: 2.7, Strings: 2, Instructions: 201COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: J$]
                                                                                                                                                                                  • API String ID: 0-1719541227
                                                                                                                                                                                  • Opcode ID: 9a5cb20b35358285f9106b57737df75f46960ac4212b54fcc403659a9b7504ab
                                                                                                                                                                                  • Instruction ID: fbc2e7b751f04d27f2b7f71f8795ee904fc61228416df3dfc5ad500966069c72
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9a5cb20b35358285f9106b57737df75f46960ac4212b54fcc403659a9b7504ab
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4D613B33A1C7908BD3644B78889129FBBD39BD6324F294A7ED8E4C73D1D57888068746
                                                                                                                                                                                  Function 00423C60 Relevance: 2.7, Strings: 2, Instructions: 200COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: Z[$b"}
                                                                                                                                                                                  • API String ID: 0-914116730
                                                                                                                                                                                  • Opcode ID: 4229413fd3a1aa116a9e8c44a744f9651f1d6388edf0522eb2c046a850b0801f
                                                                                                                                                                                  • Instruction ID: 6b6e052843e24cc9edafcdc6f1f0a1cacb0520b7144118268037eb409e235c65
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4229413fd3a1aa116a9e8c44a744f9651f1d6388edf0522eb2c046a850b0801f
                                                                                                                                                                                  • Instruction Fuzzy Hash: AF612476A483109FE314CF65D88075FBBE2EBC5704F09C93DE9985B381C7B488058B92
                                                                                                                                                                                  Function 00419820 Relevance: 2.7, Strings: 1, Instructions: 1444COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                  • String ID: gd
                                                                                                                                                                                  • API String ID: 2994545307-565856990
                                                                                                                                                                                  • Opcode ID: 8d0545c3653338817ca37a9588346ce3dc7fafe407aa9a79eef66dbc652e1af3
                                                                                                                                                                                  • Instruction ID: d3416c62d5f4d96937481a465925c134d6d61a05fcb7b5faac583e51cdfa4134
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8d0545c3653338817ca37a9588346ce3dc7fafe407aa9a79eef66dbc652e1af3
                                                                                                                                                                                  • Instruction Fuzzy Hash: B69244756093419BE724CF20D8917ABBBE2FBD5304F18882EE4C687352D679DC86C74A
                                                                                                                                                                                  Function 00649A87 Relevance: 2.7, Strings: 1, Instructions: 1444COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: gd
                                                                                                                                                                                  • API String ID: 0-565856990
                                                                                                                                                                                  • Opcode ID: 912b67ff688b1908850d0dfdb9d3d6dbb5e8fdad775615128f556e03d611a2ce
                                                                                                                                                                                  • Instruction ID: 0bfd34ce34dce72e20326185755f2a7e10c70a00e633d04efb4a471b44fad4dc
                                                                                                                                                                                  • Opcode Fuzzy Hash: 912b67ff688b1908850d0dfdb9d3d6dbb5e8fdad775615128f556e03d611a2ce
                                                                                                                                                                                  • Instruction Fuzzy Hash: F2920075688341ABE724CFA4D881BAFBBE3BFD5304F18882CE58587352D6719C46CB52
                                                                                                                                                                                  Function 0040E465 Relevance: 2.7, Strings: 2, Instructions: 162COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: c${L
                                                                                                                                                                                  • API String ID: 0-2217919563
                                                                                                                                                                                  • Opcode ID: 59793655f248d662b5dbaf65c2a1dae74dc1d35872327831223a3ad235feea0c
                                                                                                                                                                                  • Instruction ID: 6582da5c407738a1fcddd38b200c91033826be8be1102bd7c8d261378b6c7d0f
                                                                                                                                                                                  • Opcode Fuzzy Hash: 59793655f248d662b5dbaf65c2a1dae74dc1d35872327831223a3ad235feea0c
                                                                                                                                                                                  • Instruction Fuzzy Hash: AE512272A0C3D04BE724CB24C8913DF7BE2EBE5308F18493DD8C9A7292E7755A468746
                                                                                                                                                                                  Function 0063E6CC Relevance: 2.7, Strings: 2, Instructions: 162COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: c${L
                                                                                                                                                                                  • API String ID: 0-2217919563
                                                                                                                                                                                  • Opcode ID: 59793655f248d662b5dbaf65c2a1dae74dc1d35872327831223a3ad235feea0c
                                                                                                                                                                                  • Instruction ID: 83fcbeff8c33a81f3c0f8943f061287de83875dea4fdc4a844e044686159b744
                                                                                                                                                                                  • Opcode Fuzzy Hash: 59793655f248d662b5dbaf65c2a1dae74dc1d35872327831223a3ad235feea0c
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4151EF72A0C3D04BE725CB24C8917DF7BE3EBE6304F18493CD88997282D7765A468786
                                                                                                                                                                                  Function 0063092B Relevance: 2.6, Strings: 2, Instructions: 90COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: GetProcAddress.$l
                                                                                                                                                                                  • API String ID: 0-1376745856
                                                                                                                                                                                  • Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                                                                                                                                                  • Instruction ID: 9013cb23ad4f06e4f1c28519ed8b1fa9f1e99acf318e961cecb312c3fe85d718
                                                                                                                                                                                  • Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                                                                                                                                                  • Instruction Fuzzy Hash: 043119B6900609DFEB10CF99C880AADBBF6FF48324F15504AD441A7351D771EA49CBA4
                                                                                                                                                                                  Function 004290B0 Relevance: 2.6, Strings: 2, Instructions: 85COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 5B3@$dV3T
                                                                                                                                                                                  • API String ID: 0-261990991
                                                                                                                                                                                  • Opcode ID: 9672135063d689be0f5c0da4d90228940091206f365f4ce267bd247f00f7031f
                                                                                                                                                                                  • Instruction ID: b29054f4564d7df0cb3ea9a5e2943f07c54ff90192ee1d7b0b27b06a36dd0a19
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9672135063d689be0f5c0da4d90228940091206f365f4ce267bd247f00f7031f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9931CDB16083948FD3108F6A988075FFBF6BBD6704F149A2CE5D59B295C7B4C502CB0A
                                                                                                                                                                                  Function 00659317 Relevance: 2.6, Strings: 2, Instructions: 85COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 5B3@$dV3T
                                                                                                                                                                                  • API String ID: 0-261990991
                                                                                                                                                                                  • Opcode ID: 9672135063d689be0f5c0da4d90228940091206f365f4ce267bd247f00f7031f
                                                                                                                                                                                  • Instruction ID: 3f15f94691469e9bb077dac2c6ed6355d71e8ddab87ef8d44d79bfcb238ba6ed
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9672135063d689be0f5c0da4d90228940091206f365f4ce267bd247f00f7031f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6E31CDB16083948FD3108F69888075FFBF6BBD6704F189A2CE5D59B295C7B4C5068B06
                                                                                                                                                                                  Function 006464A8 Relevance: 2.6, Strings: 2, Instructions: 73COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: >89>$L4
                                                                                                                                                                                  • API String ID: 0-1866230856
                                                                                                                                                                                  • Opcode ID: 0fbbfa1fb79903dbcd2077a86ff9f9f8dbe4afa07d22b75513baf1f08d5c0aac
                                                                                                                                                                                  • Instruction ID: ac867044fb4b1e25290ce5342b9e2ab2fbb78558aa9bea9fff676ecf95c165ba
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0fbbfa1fb79903dbcd2077a86ff9f9f8dbe4afa07d22b75513baf1f08d5c0aac
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7211E675A08340ABD374CF14D8816EEB7A3ABD6714F288A3CE48957615CA31AC82C756
                                                                                                                                                                                  Function 00414A50 Relevance: 2.4, Strings: 1, Instructions: 1153COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: D]+\
                                                                                                                                                                                  • API String ID: 0-1174097187
                                                                                                                                                                                  • Opcode ID: ce1a6abebd918d31e32b28695c6e18fdbc6e1fa9cd7b104132113a535bb7ddc6
                                                                                                                                                                                  • Instruction ID: ac143a8930134034007b8af92fea92a390f1b734c9e387aabf5c60ab9bf73dd2
                                                                                                                                                                                  • Opcode Fuzzy Hash: ce1a6abebd918d31e32b28695c6e18fdbc6e1fa9cd7b104132113a535bb7ddc6
                                                                                                                                                                                  • Instruction Fuzzy Hash: DA626679A08300DFD7149F24E8527BBB3A1FBD6315F04483DE88157391E779A946CB8A
                                                                                                                                                                                  Function 0064F967 Relevance: 1.8, Strings: 1, Instructions: 589COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 2B
                                                                                                                                                                                  • API String ID: 0-2445177625
                                                                                                                                                                                  • Opcode ID: 2bd47799eb57059bfe57c26463fa04caf668ca9dba0e1477c355565c8a3a22bb
                                                                                                                                                                                  • Instruction ID: a68e19b2abf597b59dbffa3ac33e41003ab09fc0c5ff5c3e92bd2e91b1800ff8
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2bd47799eb57059bfe57c26463fa04caf668ca9dba0e1477c355565c8a3a22bb
                                                                                                                                                                                  • Instruction Fuzzy Hash: DC526BB0609B818ED325CB3C8855797BFE5AB5A324F084A9DE0EF873D2C7756001CB66
                                                                                                                                                                                  Function 004266C0 Relevance: 1.8, Strings: 1, Instructions: 544COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: :
                                                                                                                                                                                  • API String ID: 0-3726092367
                                                                                                                                                                                  • Opcode ID: aa0792222c5b9684ba4fd6850a9b803e48086273b0a51499fd990f25d9074ad7
                                                                                                                                                                                  • Instruction ID: 7df7a0f5e433484fd3e1450489786986de220561401b8d80e1db3af9318195ab
                                                                                                                                                                                  • Opcode Fuzzy Hash: aa0792222c5b9684ba4fd6850a9b803e48086273b0a51499fd990f25d9074ad7
                                                                                                                                                                                  • Instruction Fuzzy Hash: B2F16AB16083518FD7149F24985122BBBE1EFCA314F09897EF4D59B382D738D805CB96
                                                                                                                                                                                  Function 0042A3B0 Relevance: 1.8, Strings: 1, Instructions: 504COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: "
                                                                                                                                                                                  • API String ID: 0-123907689
                                                                                                                                                                                  • Opcode ID: 737f16272858f3ef337be2358f0e61d3c412c3fad82c308082b52e8dd245e745
                                                                                                                                                                                  • Instruction ID: 92e6f4d001716555a0d1247b86d5f1c1a18a2f68780db1dbce1c37e223081281
                                                                                                                                                                                  • Opcode Fuzzy Hash: 737f16272858f3ef337be2358f0e61d3c412c3fad82c308082b52e8dd245e745
                                                                                                                                                                                  • Instruction Fuzzy Hash: 62F145B1B083615FC728CE29D45062BBBE5AFC5304F58892EEC9987382D638DC55C797
                                                                                                                                                                                  Function 0065A617 Relevance: 1.8, Strings: 1, Instructions: 504COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: "
                                                                                                                                                                                  • API String ID: 0-123907689
                                                                                                                                                                                  • Opcode ID: 53fd736524474ad33ed1137964103f274b05866b83c981b3d0cd11237d977ccc
                                                                                                                                                                                  • Instruction ID: ddc8801e71e94b4c29745b3fe1e3e20c5b8dac336c2c0e1f4eda5d3162d604e3
                                                                                                                                                                                  • Opcode Fuzzy Hash: 53fd736524474ad33ed1137964103f274b05866b83c981b3d0cd11237d977ccc
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0BF1F071A083415FC729CE68C450AABBBE7AFC5305F188A6DEC9987382D634DD49C793
                                                                                                                                                                                  Function 00427A40 Relevance: 1.6, Strings: 1, Instructions: 310COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 2zB
                                                                                                                                                                                  • API String ID: 0-2511100204
                                                                                                                                                                                  • Opcode ID: 9720422ede6813fa5a9d050d394949875bfca3c20cbf19ec6d19b8260d18785b
                                                                                                                                                                                  • Instruction ID: ddbb64e6260f26d90e6544e713645941dfc52134aafc56e380d920f55b39a9b3
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9720422ede6813fa5a9d050d394949875bfca3c20cbf19ec6d19b8260d18785b
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6FB11536B04651CFDB148F28E8A076DBBB2AF8A324F1942ADD5516B3D2CB359D41CB44
                                                                                                                                                                                  Function 00648C5A Relevance: 1.5, Strings: 1, Instructions: 274COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: Q230
                                                                                                                                                                                  • API String ID: 0-2812859321
                                                                                                                                                                                  • Opcode ID: 01a2ed763a1866f680d9b430654db650df8ee60e15691e714ed058bb45f0bd25
                                                                                                                                                                                  • Instruction ID: ceae395e517d2b3a569e24ed2a305fe0ebe99c9c21c6157961cd98dc424f8de8
                                                                                                                                                                                  • Opcode Fuzzy Hash: 01a2ed763a1866f680d9b430654db650df8ee60e15691e714ed058bb45f0bd25
                                                                                                                                                                                  • Instruction Fuzzy Hash: F791E0756083128BC324CF68C8D16ABB7E2FFD4354F18896DE9D98B3A0DB749945C742
                                                                                                                                                                                  Function 00405E30 Relevance: 1.5, Strings: 1, Instructions: 265COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: ,
                                                                                                                                                                                  • API String ID: 0-3772416878
                                                                                                                                                                                  • Opcode ID: 9ab895739d41f0ab865343ec625439abbeff1199f3a28a60c6668c61fd6c002f
                                                                                                                                                                                  • Instruction ID: e89a77ff93ddb38b95b90bcfb889e7ba950346052171730fff1932e27f953cbd
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9ab895739d41f0ab865343ec625439abbeff1199f3a28a60c6668c61fd6c002f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 89B128711097819FD321CF18C98061BBBE0AFA9704F444A2DE5D997782D635EA18CBA7
                                                                                                                                                                                  Function 00636097 Relevance: 1.5, Strings: 1, Instructions: 265COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: ,
                                                                                                                                                                                  • API String ID: 0-3772416878
                                                                                                                                                                                  • Opcode ID: 9ab895739d41f0ab865343ec625439abbeff1199f3a28a60c6668c61fd6c002f
                                                                                                                                                                                  • Instruction ID: 7c1a92e2d40addf1bc299fb31909e7450eb4125d106c43f667a2b5373cdb67af
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9ab895739d41f0ab865343ec625439abbeff1199f3a28a60c6668c61fd6c002f
                                                                                                                                                                                  • Instruction Fuzzy Hash: E1B139711083819FD325CF18C98065BFBE1AFA9704F448A2DF5D997342D631EA18CBA7
                                                                                                                                                                                  Function 004368A0 Relevance: 1.5, Strings: 1, Instructions: 255COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                  • String ID: Y
                                                                                                                                                                                  • API String ID: 2994545307-3233089245
                                                                                                                                                                                  • Opcode ID: 735489504dda1ef195222b97d6476e7893353e1dfcb60423a4e8088c9ea87ea3
                                                                                                                                                                                  • Instruction ID: a4289b91742af8a649f9490c94c298736aa57d09423d3347482f894dc73a8cbd
                                                                                                                                                                                  • Opcode Fuzzy Hash: 735489504dda1ef195222b97d6476e7893353e1dfcb60423a4e8088c9ea87ea3
                                                                                                                                                                                  • Instruction Fuzzy Hash: 97A12A7110C7969FC3109A28849026FFFD29BDA324F19DA2EE0D5873D2D6B9854AC74B
                                                                                                                                                                                  Function 00666B07 Relevance: 1.5, Strings: 1, Instructions: 255COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: Y
                                                                                                                                                                                  • API String ID: 0-3233089245
                                                                                                                                                                                  • Opcode ID: 9fc61b0ac9d87c127389de8a6fb9445ac985fe36a127472672b78f1c2fbc2652
                                                                                                                                                                                  • Instruction ID: 4da757778e4d9703db65a50e8bff511d3fd2bc9fd3bde609dbc302f8a8e3f645
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9fc61b0ac9d87c127389de8a6fb9445ac985fe36a127472672b78f1c2fbc2652
                                                                                                                                                                                  • Instruction Fuzzy Hash: F6A1E63520CB918BC3159B38E4902AEBFD3ABD6324F184A6CF0D5873D2D675C94AC756
                                                                                                                                                                                  Function 00427D94 Relevance: 1.5, Strings: 1, Instructions: 252COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: '~B
                                                                                                                                                                                  • API String ID: 0-3945659827
                                                                                                                                                                                  • Opcode ID: 6cd182aadbae8201b1a14a0ef8d30e3322d9455c81f51696962b770ed5e8f57b
                                                                                                                                                                                  • Instruction ID: facc320368adb0e38865f7d39bc9e4bc09185422e08a7714fe12abc926ee805b
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6cd182aadbae8201b1a14a0ef8d30e3322d9455c81f51696962b770ed5e8f57b
                                                                                                                                                                                  • Instruction Fuzzy Hash: 049144BAE00215CFDB148F95E8917AEBBB1FF49314F19416DE5016B392CB79A801CB85
                                                                                                                                                                                  Function 0041DC50 Relevance: 1.5, Strings: 1, Instructions: 237COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 8
                                                                                                                                                                                  • API String ID: 0-4194326291
                                                                                                                                                                                  • Opcode ID: 52352b04d4314bbdbeb4d82f0d566753c49ebe34a20e49696560913b1abe149f
                                                                                                                                                                                  • Instruction ID: 8505ed72132e1e65eb893044f29f9305d5c81f6a979d734bf8983add9f432d42
                                                                                                                                                                                  • Opcode Fuzzy Hash: 52352b04d4314bbdbeb4d82f0d566753c49ebe34a20e49696560913b1abe149f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9D71F573A49E9047D72C893C4C213AA6E934BE7330F2D876EE5B6CB3E5D55948428345
                                                                                                                                                                                  Function 0064DEB7 Relevance: 1.5, Strings: 1, Instructions: 237COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 8
                                                                                                                                                                                  • API String ID: 0-4194326291
                                                                                                                                                                                  • Opcode ID: 52352b04d4314bbdbeb4d82f0d566753c49ebe34a20e49696560913b1abe149f
                                                                                                                                                                                  • Instruction ID: 742551eee4ca06a79058d2e79e913244d269aa5d02714a655348746fa731b209
                                                                                                                                                                                  • Opcode Fuzzy Hash: 52352b04d4314bbdbeb4d82f0d566753c49ebe34a20e49696560913b1abe149f
                                                                                                                                                                                  • Instruction Fuzzy Hash: C471E533A59A9047D7288A3C4C213AA6A935BD3330F2EC76DE9F6C73E5D56688468341
                                                                                                                                                                                  Function 0042FEC0 Relevance: 1.5, Strings: 1, Instructions: 225COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 8
                                                                                                                                                                                  • API String ID: 0-4194326291
                                                                                                                                                                                  • Opcode ID: 3c4551cb3b845ef9165c766284d10fc4bf13f62165ee8ab3d29115217bf5583c
                                                                                                                                                                                  • Instruction ID: 39faaa5adb4e5427d540b585bc0f6d1cbc561c33c32045a1bc9b9289a607c9ee
                                                                                                                                                                                  • Opcode Fuzzy Hash: 3c4551cb3b845ef9165c766284d10fc4bf13f62165ee8ab3d29115217bf5583c
                                                                                                                                                                                  • Instruction Fuzzy Hash: A67137276499E047D3298A3C5C313BA7A934B97330F2DC77EE9F68B3E1D56948058349
                                                                                                                                                                                  Function 00660127 Relevance: 1.5, Strings: 1, Instructions: 225COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 8
                                                                                                                                                                                  • API String ID: 0-4194326291
                                                                                                                                                                                  • Opcode ID: 3c4551cb3b845ef9165c766284d10fc4bf13f62165ee8ab3d29115217bf5583c
                                                                                                                                                                                  • Instruction ID: f4dbf55572849e0b83d1b7a3d31365598c2478786950db7d4244be4c36053fb2
                                                                                                                                                                                  • Opcode Fuzzy Hash: 3c4551cb3b845ef9165c766284d10fc4bf13f62165ee8ab3d29115217bf5583c
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8C71F337A599914BE3298A3C4C653AB6A834FD3230F2DC77DE9F69B3E1D55948068340
                                                                                                                                                                                  Function 0041A800 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: _
                                                                                                                                                                                  • API String ID: 0-701932520
                                                                                                                                                                                  • Opcode ID: 09ec499a19dcd270cca4c64abc13cc14c0b6506555cb3a2d2b0ae6aacfec0a13
                                                                                                                                                                                  • Instruction ID: 97fe640e7a02e7cee0885bccf7c2faa7b2ed334f0fa41317f0c11f971a2b85c2
                                                                                                                                                                                  • Opcode Fuzzy Hash: 09ec499a19dcd270cca4c64abc13cc14c0b6506555cb3a2d2b0ae6aacfec0a13
                                                                                                                                                                                  • Instruction Fuzzy Hash: EA61095560469009DB2CDF74849233BBAE69F5430CF1991BFC965CFAA7E939C103878A
                                                                                                                                                                                  Function 0064AA67 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: _
                                                                                                                                                                                  • API String ID: 0-701932520
                                                                                                                                                                                  • Opcode ID: b87519bb105d626b698f5eb6738d417ba7205d8309420faeafa33aa56a69b860
                                                                                                                                                                                  • Instruction ID: 1f4aa3a89b95ee9b10afb9f37b467c7140f332fa7bd0e4f52a753c21512852a6
                                                                                                                                                                                  • Opcode Fuzzy Hash: b87519bb105d626b698f5eb6738d417ba7205d8309420faeafa33aa56a69b860
                                                                                                                                                                                  • Instruction Fuzzy Hash: 36614B5560468009EB6DDF74849333BBAE29F8430CF1881BED955CFBABE938C1038789
                                                                                                                                                                                  Function 0043B813 Relevance: 1.4, Strings: 1, Instructions: 186COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: ,1
                                                                                                                                                                                  • API String ID: 0-24929940
                                                                                                                                                                                  • Opcode ID: 6d98587f8939d2c012a2ba08d197a3741554830b5bb66b06610b840544a59760
                                                                                                                                                                                  • Instruction ID: 70cabcac6185b1f3bcd3dd34b1d372158257d7fa3f1c7033ed7c5e511fe8c256
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6d98587f8939d2c012a2ba08d197a3741554830b5bb66b06610b840544a59760
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2D517A75610A118BCB1CCF39DC6163EBBE2FB5A304318597DC452DB362EB389812CB58
                                                                                                                                                                                  Function 0066BA7A Relevance: 1.4, Strings: 1, Instructions: 186COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: ,1
                                                                                                                                                                                  • API String ID: 0-24929940
                                                                                                                                                                                  • Opcode ID: f2b4f3ae3be06eb16216056ebf896d58a8c233bf04d8ee201415c7f7bd2fa06e
                                                                                                                                                                                  • Instruction ID: fc87aaf1b60470f34cb761f3cb4bff0ed840ee49c373d1d54e836d1f4469c873
                                                                                                                                                                                  • Opcode Fuzzy Hash: f2b4f3ae3be06eb16216056ebf896d58a8c233bf04d8ee201415c7f7bd2fa06e
                                                                                                                                                                                  • Instruction Fuzzy Hash: 48515771A10A118BCB1CCF78CD9157EBBE2FB56300318497DC892DB3A2EB398812CB14
                                                                                                                                                                                  Function 0041AAE0 Relevance: 1.4, Strings: 1, Instructions: 179COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 2wA
                                                                                                                                                                                  • API String ID: 0-3104536283
                                                                                                                                                                                  • Opcode ID: f3fee0a619be26c3fbbd66b80efcb83d594cc2c983b27a8d0feddf0d8957dbc1
                                                                                                                                                                                  • Instruction ID: 19abedc2f7249a838ee80c8ce8d6dbfb0e247deb7d84b577c797377eabd08daf
                                                                                                                                                                                  • Opcode Fuzzy Hash: f3fee0a619be26c3fbbd66b80efcb83d594cc2c983b27a8d0feddf0d8957dbc1
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6D512B3774A9D14BE3288A3C4C113E66A934BE3330B2DC76AD5B1C73E5E5694892538B
                                                                                                                                                                                  Function 0043E8D0 Relevance: 1.4, Strings: 1, Instructions: 166COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                  • API String ID: 0-2766056989
                                                                                                                                                                                  • Opcode ID: d4366b74421833f4a59e5462d3d1c86dfa9b35dc096329962656ef279fab0e9b
                                                                                                                                                                                  • Instruction ID: b2ec713f50e1ec4eaefd64698c8318637090bd4f0642cad91035488fd90acfa6
                                                                                                                                                                                  • Opcode Fuzzy Hash: d4366b74421833f4a59e5462d3d1c86dfa9b35dc096329962656ef279fab0e9b
                                                                                                                                                                                  • Instruction Fuzzy Hash: F74120B1A053008BD7188F15CC51B7BBBA2FFC9318F08991CE5855B3A1E779A900CB86
                                                                                                                                                                                  Function 0066EB37 Relevance: 1.4, Strings: 1, Instructions: 166COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                  • API String ID: 0-2766056989
                                                                                                                                                                                  • Opcode ID: b429fb324d769fb60b2ef32831e73699aca438cb2cb143be8f5d2cc4dec08d52
                                                                                                                                                                                  • Instruction ID: 0db6e30f12e3df8db2306b62f64ee3129398951eaa93226cf175ee37d74ea08a
                                                                                                                                                                                  • Opcode Fuzzy Hash: b429fb324d769fb60b2ef32831e73699aca438cb2cb143be8f5d2cc4dec08d52
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1A4123B56043109BD718CF54CC42BABBBA3FFD9314F08891CE4864B3A0E776A804CB82
                                                                                                                                                                                  Function 0043DAA0 Relevance: 1.3, Strings: 1, Instructions: 92COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                  • API String ID: 2994545307-2766056989
                                                                                                                                                                                  • Opcode ID: 90c84227e34430fde4c8b1c483914e69fcb24fce38c5d8c423fc969d07467510
                                                                                                                                                                                  • Instruction ID: a23abe0358fa0849b5f663c248be2e251b5f046dfc51c7ea43b64499bc67c0e0
                                                                                                                                                                                  • Opcode Fuzzy Hash: 90c84227e34430fde4c8b1c483914e69fcb24fce38c5d8c423fc969d07467510
                                                                                                                                                                                  • Instruction Fuzzy Hash: FF21DDB15083049FD310DF18E88066BF7F6FBCA328F15992DE58983250D335A918CB96
                                                                                                                                                                                  Function 0066DD07 Relevance: 1.3, Strings: 1, Instructions: 92COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                  • API String ID: 0-2766056989
                                                                                                                                                                                  • Opcode ID: 3987efdfb3614dfadd8c98f81b07eba9240f6c7519f9df5f6bd95a61ae3d1754
                                                                                                                                                                                  • Instruction ID: c80a21c9f6fda4484137b0890c45f68d22a0f3ce548c8535318418cca5bfe13e
                                                                                                                                                                                  • Opcode Fuzzy Hash: 3987efdfb3614dfadd8c98f81b07eba9240f6c7519f9df5f6bd95a61ae3d1754
                                                                                                                                                                                  • Instruction Fuzzy Hash: D521C1B1608344AFC310DF18D880AAAB7F6FFDA364F14892CE5C987350D735A814CBA2
                                                                                                                                                                                  Function 00638C87 Relevance: 1.3, Strings: 1, Instructions: 91COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: *t
                                                                                                                                                                                  • API String ID: 0-4279232255
                                                                                                                                                                                  • Opcode ID: 293d11ecb15a4287942a121f2196c36d4946016947497cfec40f8ac486ff9ff3
                                                                                                                                                                                  • Instruction ID: 3eb834d16d5b3b1753fec092124bd1da18c344b9213dd670842b87bf4be20d6e
                                                                                                                                                                                  • Opcode Fuzzy Hash: 293d11ecb15a4287942a121f2196c36d4946016947497cfec40f8ac486ff9ff3
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7621DB77E519204BE310CD56CC407917796A7C9338F3E86B8C9689B796D53BAD0386C0
                                                                                                                                                                                  Function 00428290 Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: $
                                                                                                                                                                                  • API String ID: 0-3993045852
                                                                                                                                                                                  • Opcode ID: 7e9eeca076646084577e87f5d9acb102ddda44551bdeeca6dda54682bffb2a07
                                                                                                                                                                                  • Instruction ID: 7a068acf58ebef1d210fa69d69541f2c5c9bc79e2dec821b2b4ff52ea8107aaa
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7e9eeca076646084577e87f5d9acb102ddda44551bdeeca6dda54682bffb2a07
                                                                                                                                                                                  • Instruction Fuzzy Hash: 762136367593605BE314CF659C81B5FB7B2DBC1700F0AC42DA4D99B2C6C9B8D80A8756
                                                                                                                                                                                  Function 006584F7 Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: $
                                                                                                                                                                                  • API String ID: 0-3993045852
                                                                                                                                                                                  • Opcode ID: 7e9eeca076646084577e87f5d9acb102ddda44551bdeeca6dda54682bffb2a07
                                                                                                                                                                                  • Instruction ID: 98d235d6f1d951769b6311054dab2852de27a7c27667cc2002bb0ef2e64042e4
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7e9eeca076646084577e87f5d9acb102ddda44551bdeeca6dda54682bffb2a07
                                                                                                                                                                                  • Instruction Fuzzy Hash: 272136366583505BE314CF659C81B5FB7B2DBC1700F0AC43CA5D9AB2C6D9B8D80A8796
                                                                                                                                                                                  Function 0066C7FC Relevance: 1.3, Strings: 1, Instructions: 72COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 9.
                                                                                                                                                                                  • API String ID: 0-3220845746
                                                                                                                                                                                  • Opcode ID: 2f0db2e05e433de1ce6d0a08f8de5200b539344b76bcb4890074e0b57ffa2b30
                                                                                                                                                                                  • Instruction ID: 92d6630c65f1169e29ba2d5441f4712914d05465c3a0ecff4648cc5249ab6725
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2f0db2e05e433de1ce6d0a08f8de5200b539344b76bcb4890074e0b57ffa2b30
                                                                                                                                                                                  • Instruction Fuzzy Hash: BD112934A40A108BDB248F24DC54BBA7FE2FB5A330F189A2CC491AB3E1C3709C05CB84
                                                                                                                                                                                  Function 0064536D Relevance: 1.3, Strings: 1, Instructions: 55COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: D]+\
                                                                                                                                                                                  • API String ID: 0-1174097187
                                                                                                                                                                                  • Opcode ID: 10b7da352227ad69995a6a93ce2ed4aecaec4f31f23e1732a48b340c8dcc62f9
                                                                                                                                                                                  • Instruction ID: a52c77387ac51ba768457df2a25f0a392c8c22d22c37066a6be6a7c636750999
                                                                                                                                                                                  • Opcode Fuzzy Hash: 10b7da352227ad69995a6a93ce2ed4aecaec4f31f23e1732a48b340c8dcc62f9
                                                                                                                                                                                  • Instruction Fuzzy Hash: 5A019E34608640DFC75AAF14D880C7EB7B2FB5A744F24596CF08256262EBB0D806CB06
                                                                                                                                                                                  Function 006483BE Relevance: 1.3, Strings: 1, Instructions: 53COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: K
                                                                                                                                                                                  • API String ID: 0-856455061
                                                                                                                                                                                  • Opcode ID: 8d37e6ccbb4f3aa2f241c2daf0d95534b8e8f5badda7f9466af137ddecd97f25
                                                                                                                                                                                  • Instruction ID: 4dd7d393ad2b92938ee1194665bb5fe221c1be6ee36c1744c6e7903bc1d84d8d
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8d37e6ccbb4f3aa2f241c2daf0d95534b8e8f5badda7f9466af137ddecd97f25
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7D01B5206183824BE7498F3594607FBBBD29BD3314F28597DC0C297282DA39C546C716
                                                                                                                                                                                  Function 0043BC14 Relevance: 1.3, Strings: 1, Instructions: 37COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 0-3019521637
                                                                                                                                                                                  • Opcode ID: 6d2294f8cacab3f0f970d0ee1678d9506feb83dbf5f0a7d4737b5ff95201ad51
                                                                                                                                                                                  • Instruction ID: 7f4b09913f0c4abacf42e2bbe7559fe01a60ae4286a92feb91b620ed9f74a0dd
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6d2294f8cacab3f0f970d0ee1678d9506feb83dbf5f0a7d4737b5ff95201ad51
                                                                                                                                                                                  • Instruction Fuzzy Hash: B3F04F24A149544FEBE18F78985A3BF6BE0E717214F202DB8C64EE32E1DD2888814B0C
                                                                                                                                                                                  Function 0066BE7B Relevance: 1.3, Strings: 1, Instructions: 37COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 0-3019521637
                                                                                                                                                                                  • Opcode ID: 6d2294f8cacab3f0f970d0ee1678d9506feb83dbf5f0a7d4737b5ff95201ad51
                                                                                                                                                                                  • Instruction ID: 4fc04c1b03716198f2b259dfa08715309cf8345f2e5aacb0d32e3d88f88a292b
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6d2294f8cacab3f0f970d0ee1678d9506feb83dbf5f0a7d4737b5ff95201ad51
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6CF068246149544FEBE18F7C94597FE6BF1E717214F202DB8C64EE32D1DD2488814B0C
                                                                                                                                                                                  Function 00653277 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 20B
                                                                                                                                                                                  • API String ID: 0-2671443619
                                                                                                                                                                                  • Opcode ID: 62fe03a000639e215479e67941504b3fa6485a86cefae2677c2b7a89a3c3a8a8
                                                                                                                                                                                  • Instruction ID: cb50e61f15daa002ea018f7bbd85eaed4588951030c70a362db07609565b3d31
                                                                                                                                                                                  • Opcode Fuzzy Hash: 62fe03a000639e215479e67941504b3fa6485a86cefae2677c2b7a89a3c3a8a8
                                                                                                                                                                                  • Instruction Fuzzy Hash: ECC04C3454D2908FC345CF24D891A75BB75AF8B204B24B585C18467266C230E411C75D
                                                                                                                                                                                  Function 0043D140 Relevance: .8, Instructions: 757COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: a3fcc00706a376c52207e30c628e70039b49eec27027567f79dcaef42f4181ae
                                                                                                                                                                                  • Instruction ID: 09edd9b6824f7118e743e247c6caaa2d8346ae838c78279bd6518b238456887a
                                                                                                                                                                                  • Opcode Fuzzy Hash: a3fcc00706a376c52207e30c628e70039b49eec27027567f79dcaef42f4181ae
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7322F135A18211CFC718CF28E89066AB3E2FF8E314F1A85BDD88987361D7359C56CB85
                                                                                                                                                                                  Function 0043D240 Relevance: .7, Instructions: 680COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: e2737c5b692eef4bf979ada24bbf84132d367630623e6fad0c759472e3793d7e
                                                                                                                                                                                  • Instruction ID: 4679e6a336faba0d4c754def8558a71faad8fd56cbe72a70089788c064fe4e67
                                                                                                                                                                                  • Opcode Fuzzy Hash: e2737c5b692eef4bf979ada24bbf84132d367630623e6fad0c759472e3793d7e
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2E12C035B18211CFC708CF28E89066AB7E2FF8A315F1A85BDD58587362D7359C16CB85
                                                                                                                                                                                  Function 00402F40 Relevance: .7, Instructions: 671COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 42edef53a1db2b3de2c06a60c4f32876a63e42617b2c0b108f141745477d7c97
                                                                                                                                                                                  • Instruction ID: 10a1896c11c9b4cf948b9c5efea56f37b0174fe3a4635bb59760018f033c31bb
                                                                                                                                                                                  • Opcode Fuzzy Hash: 42edef53a1db2b3de2c06a60c4f32876a63e42617b2c0b108f141745477d7c97
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1F52D1715083459FCB14CF18C0906AABFE1BF89305F18897EF8996B391D778E949CB89
                                                                                                                                                                                  Function 00406660 Relevance: .7, Instructions: 665COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 2171784f814f632bf2032d51838b6d5a64323bd3e6919e85c74ac7133d42958b
                                                                                                                                                                                  • Instruction ID: 33e4dfb547181a1e29e1d2858cddb849cb48b514a2d6b45a9a7b5fedc99b7b3d
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2171784f814f632bf2032d51838b6d5a64323bd3e6919e85c74ac7133d42958b
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2B5206B0A08B848FE734DB24C4843A7BBE1AB91314F15883FD5D7167C2C37DA9958B5A
                                                                                                                                                                                  Function 006368C7 Relevance: .7, Instructions: 665COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: debe3aa54478002ff5fc8390f08f26bc0bdd7817bab62852bddf283ee8947fc6
                                                                                                                                                                                  • Instruction ID: 037773b84373e3af7a7ea8d04ddc8a1f7be6f0f8db2c92db878982cf834d5a33
                                                                                                                                                                                  • Opcode Fuzzy Hash: debe3aa54478002ff5fc8390f08f26bc0bdd7817bab62852bddf283ee8947fc6
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4052D3B090CB849FE735CB24C4843E7BBE2EF51314F14986EE5E606B82C379A985C795
                                                                                                                                                                                  Function 00407440 Relevance: .7, Instructions: 664COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 4e5480c954f944f2d77b15b2a4e6c9b00cb7734c87ff60cc96a3044481aca68b
                                                                                                                                                                                  • Instruction ID: c6e7e0eecc3ae9082c8c74c14a25bc73344ef5ca37a1c3531291a6eafb6908a2
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4e5480c954f944f2d77b15b2a4e6c9b00cb7734c87ff60cc96a3044481aca68b
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8722A431A0C7158BD7249F18D8406ABB3E1AFD4319F29893ED986A7381D738B855CB47
                                                                                                                                                                                  Function 006376A7 Relevance: .7, Instructions: 664COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 4e5480c954f944f2d77b15b2a4e6c9b00cb7734c87ff60cc96a3044481aca68b
                                                                                                                                                                                  • Instruction ID: de15e839ac6634f0479c9ba8db11f5f26646d0fcc24332b663087a9c42b80dfa
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4e5480c954f944f2d77b15b2a4e6c9b00cb7734c87ff60cc96a3044481aca68b
                                                                                                                                                                                  • Instruction Fuzzy Hash: DD22C172A0C7158BC7349F18D8806BBB3E2EFD4319F29892DD98697381D734E915CB86
                                                                                                                                                                                  Function 0043D320 Relevance: .6, Instructions: 614COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 0348998473e603e5a6bf7d19131a00fdd9a8759c6e7396405e3842d0d57e6c07
                                                                                                                                                                                  • Instruction ID: 03c7728c06a80075bff75482d86f84a640b99996bc75eef7517ca1c9b36ab2c3
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0348998473e603e5a6bf7d19131a00fdd9a8759c6e7396405e3842d0d57e6c07
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1402C036B18211CFC718CF28D89066AB7E2EF8E314F1A85BDD48987361DB359D16CB84
                                                                                                                                                                                  Function 00403960 Relevance: .6, Instructions: 600COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 64be1dee52ca3f1930af7bd376fc271ff329b71b8f0f2b97bf7338e7a5df3d5e
                                                                                                                                                                                  • Instruction ID: 01c805ea27f4210f73e5aff1426b042496eb29479a64ade4066010a02085dfbe
                                                                                                                                                                                  • Opcode Fuzzy Hash: 64be1dee52ca3f1930af7bd376fc271ff329b71b8f0f2b97bf7338e7a5df3d5e
                                                                                                                                                                                  • Instruction Fuzzy Hash: C8323470914B118FC328CF29C68052ABBF5BF85711B604A2ED697A7F90D73AF945CB18
                                                                                                                                                                                  Function 00633BC7 Relevance: .6, Instructions: 600COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 330cdb504d0581177fee4162548ce1b038345f9227f4fbf34d975ef9116b19f5
                                                                                                                                                                                  • Instruction ID: 3cb26560e879aa1417b3ed9b641facf337435f45aab6678488ec62a57fb91698
                                                                                                                                                                                  • Opcode Fuzzy Hash: 330cdb504d0581177fee4162548ce1b038345f9227f4fbf34d975ef9116b19f5
                                                                                                                                                                                  • Instruction Fuzzy Hash: 95321370914B218FC368CF29C58056AFBF2BF55710B604A2ED6A787B90D736F985CB90
                                                                                                                                                                                  Function 0043D3B0 Relevance: .6, Instructions: 579COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 6e0e7846e4439ebff84f1593816a79c2f7d016140d17953ee0229bee72f4a158
                                                                                                                                                                                  • Instruction ID: 73d0789c1702903ac926723819fe12cea8d3290aa083f1795b1d9562df3555e1
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6e0e7846e4439ebff84f1593816a79c2f7d016140d17953ee0229bee72f4a158
                                                                                                                                                                                  • Instruction Fuzzy Hash: 46F1D136A18211CFC718CF28D89066AB7E2EFCE314F1A85BDD88997351DB359D16CB84
                                                                                                                                                                                  Function 0043D450 Relevance: .6, Instructions: 567COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 42d267e22c8e179ee41f79313aff6fc4530887a9dd776231226a22d0053e9683
                                                                                                                                                                                  • Instruction ID: 3db2ca295eb21283f83b90119e3f16608ea6f40284dd53eadbc7e127a03ffe4e
                                                                                                                                                                                  • Opcode Fuzzy Hash: 42d267e22c8e179ee41f79313aff6fc4530887a9dd776231226a22d0053e9683
                                                                                                                                                                                  • Instruction Fuzzy Hash: 72F11636A18211CFC718CF28D89066AB7E2EFCE314F1A89BDD88597351DB359D12CB85
                                                                                                                                                                                  Function 00437790 Relevance: .5, Instructions: 506COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 8eec5536c5b20e523d54bbb8ec700205349de528f475ad4cd7e8afd217d4d674
                                                                                                                                                                                  • Instruction ID: 1fa58a256ad726d162af61c6a4ba65c3f65b1c06421518291ba0ea82c3a5a395
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8eec5536c5b20e523d54bbb8ec700205349de528f475ad4cd7e8afd217d4d674
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7AE167B26083148BD324DF24C89166BB7A2FBC9318F19A92EE8C597345D739EC06C785
                                                                                                                                                                                  Function 006679F7 Relevance: .5, Instructions: 506COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 75d0d20039ea909b85a084289a16d68fe75e8375b8f3326ba79df7c5e0795268
                                                                                                                                                                                  • Instruction ID: 580e1f12e6b0cc868e9ead9667532f95fda9dfe75cdd6eba334f008400c97ce9
                                                                                                                                                                                  • Opcode Fuzzy Hash: 75d0d20039ea909b85a084289a16d68fe75e8375b8f3326ba79df7c5e0795268
                                                                                                                                                                                  • Instruction Fuzzy Hash: 53E124726083508FC714CF24C891AAFB7A3FBC5318F19896CE88597355DB76AD0AC791
                                                                                                                                                                                  Function 0042D110 Relevance: .5, Instructions: 480COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 29a8ddeed1ebe3bead88d18fc561b452afa26049903d73b912e8a19cbbd2395d
                                                                                                                                                                                  • Instruction ID: e5185028bff9af346e08d9535bd2e039f4441f72f04a58ed302560d1b2c9d229
                                                                                                                                                                                  • Opcode Fuzzy Hash: 29a8ddeed1ebe3bead88d18fc561b452afa26049903d73b912e8a19cbbd2395d
                                                                                                                                                                                  • Instruction Fuzzy Hash: D02209F0911B009FD3A5CF29C845797BBE9EB8A314F51892EE0AEC7311C7756901CB9A
                                                                                                                                                                                  Function 004220C0 Relevance: .4, Instructions: 416COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 773dc30cdd2fe82c9d74818a7543e70d66cd363a1d5d19782417fd10ae78ebe8
                                                                                                                                                                                  • Instruction ID: fc952f579eea347776908a5a29ff028f339c6c982eb336d8bcb15ade13b7d23f
                                                                                                                                                                                  • Opcode Fuzzy Hash: 773dc30cdd2fe82c9d74818a7543e70d66cd363a1d5d19782417fd10ae78ebe8
                                                                                                                                                                                  • Instruction Fuzzy Hash: A8A13971B08320ABD710DB25E95167BB3E1EF91314F98892DECC597381E77CE905836A
                                                                                                                                                                                  Function 00652327 Relevance: .4, Instructions: 416COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: cc4ce578f6c75970c38f5fe7feba3d410f88a8e8080f5f57d469e391479e5d57
                                                                                                                                                                                  • Instruction ID: f30370cf883d2ed6021db8c23ded651060881e10668f66500811863481d114b7
                                                                                                                                                                                  • Opcode Fuzzy Hash: cc4ce578f6c75970c38f5fe7feba3d410f88a8e8080f5f57d469e391479e5d57
                                                                                                                                                                                  • Instruction Fuzzy Hash: E6A1D7716043529BD7109F24C8A1ABBB3E2EF92315F19892CFCC597341E735D949C3A6
                                                                                                                                                                                  Function 00405970 Relevance: .4, Instructions: 400COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 6aba2e7236a2e9aceeb2528f5b0b9aaecc5cc82245fb39869df27382fd64ba8a
                                                                                                                                                                                  • Instruction ID: 3d82e2c96f9a35271af99bbff5fd50c1def3e007b52f8d5ad7c805350cc6e2bb
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6aba2e7236a2e9aceeb2528f5b0b9aaecc5cc82245fb39869df27382fd64ba8a
                                                                                                                                                                                  • Instruction Fuzzy Hash: 71E16971108741CFD720DF29C880A6BBBE1EF99304F448C2EE4D597792E679E948CB96
                                                                                                                                                                                  Function 00635BD7 Relevance: .4, Instructions: 400COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 44ce7279b56fa8169ec13a13368719194771adb87650b2a041a7c66ca29ffa36
                                                                                                                                                                                  • Instruction ID: 965fef5e1d35c88971debd2f951f30370c53912b63e9260a78ed7e21e118e9e3
                                                                                                                                                                                  • Opcode Fuzzy Hash: 44ce7279b56fa8169ec13a13368719194771adb87650b2a041a7c66ca29ffa36
                                                                                                                                                                                  • Instruction Fuzzy Hash: EEE17A712087419FC724DF29C880A6BBBE2EF99300F44882DF5DA87751E375E948CB96
                                                                                                                                                                                  Function 00426230 Relevance: .4, Instructions: 389COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                  • Opcode ID: bbbaf23dde50670b2500864b0c22556b9bf10323c63a95d4c1b385f1415d86cd
                                                                                                                                                                                  • Instruction ID: 8a02be16d1dd0dac6475031a666b285b020a312ea2db780e838c8bd6892e58d2
                                                                                                                                                                                  • Opcode Fuzzy Hash: bbbaf23dde50670b2500864b0c22556b9bf10323c63a95d4c1b385f1415d86cd
                                                                                                                                                                                  • Instruction Fuzzy Hash: 30B17B71B083618BD714DF24E84263BB7E1EF95304F5A896EE88287385D63DDC06C79A
                                                                                                                                                                                  Function 00656497 Relevance: .4, Instructions: 389COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: d4695906570af46ad0eb9b8773b14a5986ede78b51dae6fc9cb65d7ed68fe73b
                                                                                                                                                                                  • Instruction ID: 108b618f2c4bdad118dce61d3e3d22e9b875741e2cbd3539d008262eee1a9213
                                                                                                                                                                                  • Opcode Fuzzy Hash: d4695906570af46ad0eb9b8773b14a5986ede78b51dae6fc9cb65d7ed68fe73b
                                                                                                                                                                                  • Instruction Fuzzy Hash: 88B149B1A487114BD7148F24C8826ABB7E3EF95305F59896CFC8297381E675DC0EC7A2
                                                                                                                                                                                  Function 00644CB7 Relevance: .4, Instructions: 351COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 05141268d55921b9efb15025b2a1370daa90e9d9ed9dafacc1d1fcf6f45c65af
                                                                                                                                                                                  • Instruction ID: c451eef6d9b901c8ab13788f491d5a877131d36b0815ded89f59a0c2531d2166
                                                                                                                                                                                  • Opcode Fuzzy Hash: 05141268d55921b9efb15025b2a1370daa90e9d9ed9dafacc1d1fcf6f45c65af
                                                                                                                                                                                  • Instruction Fuzzy Hash: 718125B69457148BC7209F68CC923A7B3A2EF91324F0D9629ECD54B380FBB89945C751
                                                                                                                                                                                  Function 00421D10 Relevance: .3, Instructions: 345COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 3f1053e975ac0f9214e3be28809d76561f1dfe895bf8524a29b79efacabf2756
                                                                                                                                                                                  • Instruction ID: 058f1896609b29239e17c55853b7c403e86bb19c5faff15eb5c727d3e357c6f1
                                                                                                                                                                                  • Opcode Fuzzy Hash: 3f1053e975ac0f9214e3be28809d76561f1dfe895bf8524a29b79efacabf2756
                                                                                                                                                                                  • Instruction Fuzzy Hash: 73A155B1B043119BD7208F24DC92B67B3A5EFD0364F19852DF9998B391E778E801C75A
                                                                                                                                                                                  Function 00651F77 Relevance: .3, Instructions: 345COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: a7e631f70cfeebc1df7f27ebd76b344da72dba221058e9e6e75dba537abe2d38
                                                                                                                                                                                  • Instruction ID: b6f2d9f5e52c8ca1048686193cbedd9f9628a2ec75db69502a9f9a870232dda2
                                                                                                                                                                                  • Opcode Fuzzy Hash: a7e631f70cfeebc1df7f27ebd76b344da72dba221058e9e6e75dba537abe2d38
                                                                                                                                                                                  • Instruction Fuzzy Hash: 61A127B1A043029BD724CF24CCA1BA7B7A6EFC1325F18851CED898B381E775D949C766
                                                                                                                                                                                  Function 0041D840 Relevance: .3, Instructions: 337COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 50117f4b86ec20ef2211e2c93fd50ca5cb6dfa96d84aad223c250c31f299c276
                                                                                                                                                                                  • Instruction ID: 81ec63a11106820ba3339b6c197a558e120e30c0da52c05f7112fdbb46bfb84e
                                                                                                                                                                                  • Opcode Fuzzy Hash: 50117f4b86ec20ef2211e2c93fd50ca5cb6dfa96d84aad223c250c31f299c276
                                                                                                                                                                                  • Instruction Fuzzy Hash: 46B128B5908301EFD7109F24DC41B5ABBE2BFD8358F144A2EF4A8932A0D7759C56CB46
                                                                                                                                                                                  Function 0064DAA7 Relevance: .3, Instructions: 337COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 63f7f23a3844ce791695e6eee4ef3e65379e9f52cc760aa8cca2b3a45a1be140
                                                                                                                                                                                  • Instruction ID: e79abf35f72e7a94f6a7d23573e822194c3131e381c43aed9dcda7a14086b200
                                                                                                                                                                                  • Opcode Fuzzy Hash: 63f7f23a3844ce791695e6eee4ef3e65379e9f52cc760aa8cca2b3a45a1be140
                                                                                                                                                                                  • Instruction Fuzzy Hash: BBB1D376E08301AFD7509F24CC41B5ABBE2FFA9314F144A6CF4A8A72A0D7729D56CB41
                                                                                                                                                                                  Function 0043E1F0 Relevance: .3, Instructions: 329COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                  • Opcode ID: 38d3fb69c72ad9915e487f664d809be891a70f91148932fdb8aa9944d5e35ea4
                                                                                                                                                                                  • Instruction ID: 47276aa64b5d9a2b82d2d0f24cba58bed92c7377cf0ee76404e11e7fc952c9e2
                                                                                                                                                                                  • Opcode Fuzzy Hash: 38d3fb69c72ad9915e487f664d809be891a70f91148932fdb8aa9944d5e35ea4
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9E91EF316093119BC724CF29D880A6BB3E2FF9C714F19992DE98187391DB78EC11CB86
                                                                                                                                                                                  Function 0066E457 Relevance: .3, Instructions: 329COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: a4d6f9712397e7508911c777de9812b6e64d882a15e45fd0c8ed7c9c5354f2b4
                                                                                                                                                                                  • Instruction ID: 279864a1ce7cf99321a8df895e4ee12d2faa67814ee585d38757e4680c0e8b14
                                                                                                                                                                                  • Opcode Fuzzy Hash: a4d6f9712397e7508911c777de9812b6e64d882a15e45fd0c8ed7c9c5354f2b4
                                                                                                                                                                                  • Instruction Fuzzy Hash: B791D3797083519BC724CF28C89096BB7E3FF99714F19852CE98597390DB72AC51CB82
                                                                                                                                                                                  Function 0042DFC3 Relevance: .3, Instructions: 327COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: ca8d3102f2d7d0810326b730d76ca4776b7366c0eec700305c6cc8618647d351
                                                                                                                                                                                  • Instruction ID: e7e3b665f81c1e4c66788830fcd0398c1d66b1bc4bf5db20d75ab49ddf230662
                                                                                                                                                                                  • Opcode Fuzzy Hash: ca8d3102f2d7d0810326b730d76ca4776b7366c0eec700305c6cc8618647d351
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1DD1E072608B814BD319CA39C8913A7BFD29BD6324F19CA7DD4EB877C6D678A405C702
                                                                                                                                                                                  Function 0065E22A Relevance: .3, Instructions: 327COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: ca8d3102f2d7d0810326b730d76ca4776b7366c0eec700305c6cc8618647d351
                                                                                                                                                                                  • Instruction ID: 6c39863b6771f409dda18cab4a0680b92de891f6a38c75ed4940377432aa98f0
                                                                                                                                                                                  • Opcode Fuzzy Hash: ca8d3102f2d7d0810326b730d76ca4776b7366c0eec700305c6cc8618647d351
                                                                                                                                                                                  • Instruction Fuzzy Hash: 82D1D172608B804BD319CA3888953A7BFD25FD6324F19CA7DD4EB877D6D978A405C702
                                                                                                                                                                                  Function 0043DEB0 Relevance: .3, Instructions: 319COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                  • Opcode ID: 023a5c84a93ffe7f345a1e79ef69c4e759d4672d58fbad19b6de4dd657955141
                                                                                                                                                                                  • Instruction ID: f9b32997927adf8b73f28c9f5c643208c40552f59aac348288c506f43fecb81e
                                                                                                                                                                                  • Opcode Fuzzy Hash: 023a5c84a93ffe7f345a1e79ef69c4e759d4672d58fbad19b6de4dd657955141
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9B91FF356052118BC728DF19D890A2BB3E2FFCD710F15952DE8868B3A1DB34EC11CB8A
                                                                                                                                                                                  Function 0066E117 Relevance: .3, Instructions: 319COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 9dfe86e01db615fded3b1a6999251e8f94e711860ff482eaae1eb0032a72c8bb
                                                                                                                                                                                  • Instruction ID: 276dd77073df081a51e0e9c10977f3cdbd42d94689611042a7cfbebebe7a4f0b
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9dfe86e01db615fded3b1a6999251e8f94e711860ff482eaae1eb0032a72c8bb
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3291CF796042019FC719DF28C890A6AB3E3FFD9714F15856CE8859B3A1DB32EC11DB82
                                                                                                                                                                                  Function 00647472 Relevance: .3, Instructions: 314COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 4d7fe286fe88c55c4d95f7046e949b0e609347145802e131d6884ab40dd08542
                                                                                                                                                                                  • Instruction ID: fbbe97209395518462e62efb8b9b07d00eb7374c0b5ba1ff72ba9405c69f6f33
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4d7fe286fe88c55c4d95f7046e949b0e609347145802e131d6884ab40dd08542
                                                                                                                                                                                  • Instruction Fuzzy Hash: 5C71BE7560C6418BD729CF24D881ABBB3A7FBE6304F19987CD5829B312DB319C068B56
                                                                                                                                                                                  Function 004061D0 Relevance: .3, Instructions: 303COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: b5140ca86dd5b4bcaba2cb1346e0d6ff8cb35f9844ba483e5f1b1bd21b4eb7be
                                                                                                                                                                                  • Instruction ID: a4cac98e093414ac00feeaa77e86644c746bcb872c4228b6957e055f05eb63ac
                                                                                                                                                                                  • Opcode Fuzzy Hash: b5140ca86dd5b4bcaba2cb1346e0d6ff8cb35f9844ba483e5f1b1bd21b4eb7be
                                                                                                                                                                                  • Instruction Fuzzy Hash: 09C17CB29487418FC320CF28DC86BABB7E1BF85318F09493DD1DAD6242E778A155CB46
                                                                                                                                                                                  Function 00636437 Relevance: .3, Instructions: 303COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: b5140ca86dd5b4bcaba2cb1346e0d6ff8cb35f9844ba483e5f1b1bd21b4eb7be
                                                                                                                                                                                  • Instruction ID: 92416aad0885bf69965b59ed7de67f5108653b21e4eb8b5256f93d307cc493dc
                                                                                                                                                                                  • Opcode Fuzzy Hash: b5140ca86dd5b4bcaba2cb1346e0d6ff8cb35f9844ba483e5f1b1bd21b4eb7be
                                                                                                                                                                                  • Instruction Fuzzy Hash: D8C15CB29087419FC360CF68CC96BABB7F1AF85318F08892DE1D9C6342D778A155CB46
                                                                                                                                                                                  Function 00428C46 Relevance: .3, Instructions: 285COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 65554998bd0876a375a2ef717c27ab952276019b9caf08f9c1f611e05765dbda
                                                                                                                                                                                  • Instruction ID: ef429f65cdb4ee7f551f018bdeb50cfa827209b880827af777f5be82fce178b2
                                                                                                                                                                                  • Opcode Fuzzy Hash: 65554998bd0876a375a2ef717c27ab952276019b9caf08f9c1f611e05765dbda
                                                                                                                                                                                  • Instruction Fuzzy Hash: 50A102B06083918FD714CF68D89265FB7E1EF96304F44492DF5958B392E778E805CB4A
                                                                                                                                                                                  Function 004460D5 Relevance: .3, Instructions: 277COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 67120008fcedfbcf51f68b3d9dc6a2e1298b54b99595f95a5e4b5ab4a625fcf4
                                                                                                                                                                                  • Instruction ID: 80ef9cbddf744eb33a10a15b6e4a986993606ee598fd7e1b06339584008e6fc6
                                                                                                                                                                                  • Opcode Fuzzy Hash: 67120008fcedfbcf51f68b3d9dc6a2e1298b54b99595f95a5e4b5ab4a625fcf4
                                                                                                                                                                                  • Instruction Fuzzy Hash: B3919B6998D2C05FDB028B7449E91C1BFA0FD1312436DA6DFCCE68E047D60CA14BEB66
                                                                                                                                                                                  Function 0043DBB0 Relevance: .3, Instructions: 269COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                  • Opcode ID: 1b9004c99c3e8fb10f488731d239bf177f1311b5247ffc605605c396f578e90a
                                                                                                                                                                                  • Instruction ID: 0bb5358823ca19faea0024899962b23b6631256abee3cb20e7358cbf689dc8d4
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1b9004c99c3e8fb10f488731d239bf177f1311b5247ffc605605c396f578e90a
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6B817736E046149BC724AF28D88167BB7A3EFD8710F19D12DE8C98B354EB34AD11C789
                                                                                                                                                                                  Function 0066DE17 Relevance: .3, Instructions: 269COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 24c91aacc9be0785a1ade04a120cb2fd53f836276e8d389eeda56f85202df24b
                                                                                                                                                                                  • Instruction ID: c289a2a31bb7d75f3bca3d7cc3d8309391ec918d0b3541113fb4e17291d89191
                                                                                                                                                                                  • Opcode Fuzzy Hash: 24c91aacc9be0785a1ade04a120cb2fd53f836276e8d389eeda56f85202df24b
                                                                                                                                                                                  • Instruction Fuzzy Hash: BD815876A042149BC7249F28C880ABFB7A3EFD9710F19C56CE8C59B354EB71AD21C781
                                                                                                                                                                                  Function 0041D560 Relevance: .3, Instructions: 267COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: e873b81ed12660d16a09e44f5a944882d5d5f9f7288e937d30a2de1e2c07ff79
                                                                                                                                                                                  • Instruction ID: 494c3fb6f51e268f5f46a3a7be25e565d0a98f12c166373c7ff79cb36cd48b0c
                                                                                                                                                                                  • Opcode Fuzzy Hash: e873b81ed12660d16a09e44f5a944882d5d5f9f7288e937d30a2de1e2c07ff79
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3C915BB2E042615FC7158E28C85139F7BE2AB95324F19863EE8B9973C1D7389C4697C1
                                                                                                                                                                                  Function 0064D7C7 Relevance: .3, Instructions: 267COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 1b2b3dfd705819de440ea8d328ff29dfee81072cb835508420583d96ea5adce8
                                                                                                                                                                                  • Instruction ID: 2b73a46207b2de24c093a1bf4a118d9e952103cb5a15166e71ff3f4d6d917e6b
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1b2b3dfd705819de440ea8d328ff29dfee81072cb835508420583d96ea5adce8
                                                                                                                                                                                  • Instruction Fuzzy Hash: 75914B33E082619FCB158E28C8513AE7BE2AB95324F19863DE8B9973C1D6759C06D7C1
                                                                                                                                                                                  Function 004374F0 Relevance: .2, Instructions: 236COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: bb180659b3fc802b4c08c06ab865b86128b97b0215424bd7245a4e502c711157
                                                                                                                                                                                  • Instruction ID: 4a56e3f7ca00085302a1bcb0606115e1536fe23c549f38f30a864d0625775e88
                                                                                                                                                                                  • Opcode Fuzzy Hash: bb180659b3fc802b4c08c06ab865b86128b97b0215424bd7245a4e502c711157
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8F6156B6218304ABD324DF65DC8576BB3D2FBC8308F14883DE485C7280EB79D9058796
                                                                                                                                                                                  Function 0043A0D0 Relevance: .2, Instructions: 229COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                  • Opcode ID: 61b9eeb1319222c6045e33a52641f4cf02c090d3ae685552f31b0621e012288e
                                                                                                                                                                                  • Instruction ID: 6c55d75b02587a067ea68875673517618dcfa08c2ba770191f1b4d82ae872d3a
                                                                                                                                                                                  • Opcode Fuzzy Hash: 61b9eeb1319222c6045e33a52641f4cf02c090d3ae685552f31b0621e012288e
                                                                                                                                                                                  • Instruction Fuzzy Hash: E351BD356083008FEB249F24D85173B73E1EB8A704F18D87ED5C297382E636AC118B8B
                                                                                                                                                                                  Function 0066A337 Relevance: .2, Instructions: 229COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 56608c5bd7c972fe73a1062bbe61c63c76acc9fd583516230cac1b4386917a7f
                                                                                                                                                                                  • Instruction ID: d1d189430bf57da4e569b565e1d41d086557d8c8f2bfe0b2710309aff5208126
                                                                                                                                                                                  • Opcode Fuzzy Hash: 56608c5bd7c972fe73a1062bbe61c63c76acc9fd583516230cac1b4386917a7f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 315145756087008BDB24DF64C845A6BB7E3EB96704F19887CD5C2A7382EA71AC018F86
                                                                                                                                                                                  Function 0043A510 Relevance: .2, Instructions: 222COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 035306e2ca773971fb1d1872edd361061af3377c2b46257439c60e9fa6c0c586
                                                                                                                                                                                  • Instruction ID: d5a99390b8f1aa95634b193ed7d2b6d5b9e9de9a8cf0a96da730486f03d5f500
                                                                                                                                                                                  • Opcode Fuzzy Hash: 035306e2ca773971fb1d1872edd361061af3377c2b46257439c60e9fa6c0c586
                                                                                                                                                                                  • Instruction Fuzzy Hash: FC516936A447104FD7209F2888C126BB792EBDE710F29996EC4C197351D779DC22878B
                                                                                                                                                                                  Function 0066A777 Relevance: .2, Instructions: 222COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: ce02eb81c4f5f761d7d65612fa0036c48510e782ca1a060b84bf8b1d303f4ef3
                                                                                                                                                                                  • Instruction ID: 71d19e10b3403366cb9a86e05e10178fb7dbe26e7a1d31796bfd4cc1055c750e
                                                                                                                                                                                  • Opcode Fuzzy Hash: ce02eb81c4f5f761d7d65612fa0036c48510e782ca1a060b84bf8b1d303f4ef3
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8D512A39A147108BD7209FA9D8806ABB7A3FBD6714F29867CC5D1AB311C7719C06CF92
                                                                                                                                                                                  Function 0041DFC0 Relevance: .2, Instructions: 219COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 59127a46e9a7e78bcf6d4a70c678a367632e678aaedcca9d42d9198ea8ce6768
                                                                                                                                                                                  • Instruction ID: ccaf80b641deef8fcb7c464833c25913770d1cf2fc15113a063763620dde3291
                                                                                                                                                                                  • Opcode Fuzzy Hash: 59127a46e9a7e78bcf6d4a70c678a367632e678aaedcca9d42d9198ea8ce6768
                                                                                                                                                                                  • Instruction Fuzzy Hash: 86617D37749A904BD3289D7D4C622A679930BD7330B2D837EDAB5C73E1D9A94C424345
                                                                                                                                                                                  Function 0064E227 Relevance: .2, Instructions: 219COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 59127a46e9a7e78bcf6d4a70c678a367632e678aaedcca9d42d9198ea8ce6768
                                                                                                                                                                                  • Instruction ID: 8c98bd480e72d8b053e3c32cf6feb940bd464c3c80aff973c0d70659901cdaf2
                                                                                                                                                                                  • Opcode Fuzzy Hash: 59127a46e9a7e78bcf6d4a70c678a367632e678aaedcca9d42d9198ea8ce6768
                                                                                                                                                                                  • Instruction Fuzzy Hash: D1613937749A804BD7299D7C4C522A6BA836BD7334B2DC77DD6B1CB3E1D9A64C024380
                                                                                                                                                                                  Function 004230E0 Relevance: .2, Instructions: 190COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: fad9b139809535316ff0b720011ac53e80357f13aaef757bc25e4210e1da3cae
                                                                                                                                                                                  • Instruction ID: e6d23137b51b92a383e9ac11ae91c5de49d3ec10accf3ae583c28b2ab269fd11
                                                                                                                                                                                  • Opcode Fuzzy Hash: fad9b139809535316ff0b720011ac53e80357f13aaef757bc25e4210e1da3cae
                                                                                                                                                                                  • Instruction Fuzzy Hash: C551D039B18212CBE718CF28E85136AB3E2FBC9311F19867CE84697694DB79D811CB44
                                                                                                                                                                                  Function 00435FF0 Relevance: .2, Instructions: 189COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: c9660528848eb795099f5dbc418725243399d0dc5ee54d9a413ace79cd833391
                                                                                                                                                                                  • Instruction ID: 8998a31c5288b8e8d29dad845c536aa4fdc9b23718a1cf34a36765301d0241d0
                                                                                                                                                                                  • Opcode Fuzzy Hash: c9660528848eb795099f5dbc418725243399d0dc5ee54d9a413ace79cd833391
                                                                                                                                                                                  • Instruction Fuzzy Hash: 95517CB15087449FE714DF29D89435BBBE1BBC8318F054E2EE4E983351E379DA088B86
                                                                                                                                                                                  Function 00666257 Relevance: .2, Instructions: 189COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: c9660528848eb795099f5dbc418725243399d0dc5ee54d9a413ace79cd833391
                                                                                                                                                                                  • Instruction ID: 1168b9d47690dcbe5c0387d10747ec182ada6cb6345ed8879bc12bfee68df70a
                                                                                                                                                                                  • Opcode Fuzzy Hash: c9660528848eb795099f5dbc418725243399d0dc5ee54d9a413ace79cd833391
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7C514CB16087548FE714DF29D49475BBBE1BBC4314F144A2DE4E987350E779DA088B82
                                                                                                                                                                                  Function 004192C0 Relevance: .2, Instructions: 187COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: c987bb2849012a98fa92ba38cb9872b8e2c09d85b95dbf213e42c17d9bb13c80
                                                                                                                                                                                  • Instruction ID: b6b48b49e2ce04e457aa333140cde9ad5d46efccf9dfc3f9defd0387b571751f
                                                                                                                                                                                  • Opcode Fuzzy Hash: c987bb2849012a98fa92ba38cb9872b8e2c09d85b95dbf213e42c17d9bb13c80
                                                                                                                                                                                  • Instruction Fuzzy Hash: 335104B29042158BC7108F24DC627AB73A0FF9A368F08453AFD95873A1E7389C41C75A
                                                                                                                                                                                  Function 0040EDB4 Relevance: .2, Instructions: 180COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                  • Opcode ID: ec6d47d88970e06f490a809daf3a0ef544cb6e60240f9e8f772fa6520dcf2c0c
                                                                                                                                                                                  • Instruction ID: 66de83c2fec742c95e5d55e29497453cf8568ef0a966fd47b4dc6357c3e645e9
                                                                                                                                                                                  • Opcode Fuzzy Hash: ec6d47d88970e06f490a809daf3a0ef544cb6e60240f9e8f772fa6520dcf2c0c
                                                                                                                                                                                  • Instruction Fuzzy Hash: FE5115756082818FD324CB29D8807BFB7E2BBD9354F24CD3ED48667395DB754842878A
                                                                                                                                                                                  Function 0063F01B Relevance: .2, Instructions: 180COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 1e1a1454891cb0b2eeb5ed1e96a352d926fc9b142dc6dcf46d72d182d2285763
                                                                                                                                                                                  • Instruction ID: ff682672a4cab7a9f59c80a60aa385b76215a951155fbc4a7db16fb5dedbe7d9
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1e1a1454891cb0b2eeb5ed1e96a352d926fc9b142dc6dcf46d72d182d2285763
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8A51F679A083808BD324CB28D881BEEB7E3BBD5354F24CA3DD48697755DB7158428785
                                                                                                                                                                                  Function 0064AD47 Relevance: .2, Instructions: 179COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: f3fee0a619be26c3fbbd66b80efcb83d594cc2c983b27a8d0feddf0d8957dbc1
                                                                                                                                                                                  • Instruction ID: 7ac3b1261ae3ce9d2ea5505eb694ef90a7c5c358ffdd6f3e93ded475c621ae90
                                                                                                                                                                                  • Opcode Fuzzy Hash: f3fee0a619be26c3fbbd66b80efcb83d594cc2c983b27a8d0feddf0d8957dbc1
                                                                                                                                                                                  • Instruction Fuzzy Hash: F5512737A8A9914BE3288A7C8C213A56E934FE3330B2DC769E4F1C73E5D5658C479352
                                                                                                                                                                                  Function 0042B078 Relevance: .2, Instructions: 166COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 923bd237ac351128d861a68e4943622d5ee83bbf93f029a73746bdd7f0dd0e9a
                                                                                                                                                                                  • Instruction ID: dbb3674a2e8f73245087c39d645aa7023acca4e3e9b0c8888b481629fceeec0d
                                                                                                                                                                                  • Opcode Fuzzy Hash: 923bd237ac351128d861a68e4943622d5ee83bbf93f029a73746bdd7f0dd0e9a
                                                                                                                                                                                  • Instruction Fuzzy Hash: F94118A460C3E19BE7358F29A8B07B77BD0EF63344F28486DE4DA47342D6784505C796
                                                                                                                                                                                  Function 0065B2DF Relevance: .2, Instructions: 166COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: e6dfe1dcf6d70a6372e8168d22ab215c3d77de14bf84e6cdb5106257f4021058
                                                                                                                                                                                  • Instruction ID: 959c9fa60d57a3bf76f9bc1a59a6ff42a5e20276f64b5a9d7789ab0e94517c47
                                                                                                                                                                                  • Opcode Fuzzy Hash: e6dfe1dcf6d70a6372e8168d22ab215c3d77de14bf84e6cdb5106257f4021058
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1241286450C3D19BE7358F2998A07BBBFD1AFA3305F28586CE8D68B382D7714909C716
                                                                                                                                                                                  Function 00437D00 Relevance: .2, Instructions: 155COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 1441b7764432b884916013bddde8cdf0b8d9d37675052e32739da692c12e3f40
                                                                                                                                                                                  • Instruction ID: ed0009d1c30cc1f0f657e26407b4ff95fe3cd7fc6b5840a17695d88b0d6138d2
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1441b7764432b884916013bddde8cdf0b8d9d37675052e32739da692c12e3f40
                                                                                                                                                                                  • Instruction Fuzzy Hash: CC4129F6A083145BE720AE15DC82B7BB7A5EF89708F14182DF4C593241E779ED04879A
                                                                                                                                                                                  Function 00667F67 Relevance: .2, Instructions: 155COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 87abe0b7839f97ee626b5a08aab8ad0b0f348827d51cb2979277c99a62affb4b
                                                                                                                                                                                  • Instruction ID: 8fa9b3f0f27963183bd1a526a0d5a58b2ec6e7c0b038f62c01e4f17c8b92c86e
                                                                                                                                                                                  • Opcode Fuzzy Hash: 87abe0b7839f97ee626b5a08aab8ad0b0f348827d51cb2979277c99a62affb4b
                                                                                                                                                                                  • Instruction Fuzzy Hash: FF4126B2A04304AFE710AE24DC81BBBB7A6EF91304F04092CF985D7241EB77DD088796
                                                                                                                                                                                  Function 006479BF Relevance: .2, Instructions: 154COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 80ead429051b6b07be6034432fc42727422ba6df5602a686e1dd5d8a166587d0
                                                                                                                                                                                  • Instruction ID: 7f25a8e15db5c42cd1ff86b5ee4bc83b0ed23ce391d2f9bc5aa158c1421d0c1f
                                                                                                                                                                                  • Opcode Fuzzy Hash: 80ead429051b6b07be6034432fc42727422ba6df5602a686e1dd5d8a166587d0
                                                                                                                                                                                  • Instruction Fuzzy Hash: A231FE713482419BDB28CF20D88297F77A7EFDA314F18987CE58A67622C7318D81C70A
                                                                                                                                                                                  Function 00437EA0 Relevance: .2, Instructions: 150COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 49588468f4a352f4693d4c90c6e1848724b645c41352eb3d467dfdc9ac2005af
                                                                                                                                                                                  • Instruction ID: 6a9fe2c3a86d04c0c7890d8e1bc3aa94198f153849a8972f684825c0f30de759
                                                                                                                                                                                  • Opcode Fuzzy Hash: 49588468f4a352f4693d4c90c6e1848724b645c41352eb3d467dfdc9ac2005af
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1D410573A196104BD318CE398C4026BBA936BC9330F2AC73EE9B5D73D5DA7D8C058285
                                                                                                                                                                                  Function 00668107 Relevance: .2, Instructions: 150COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 49588468f4a352f4693d4c90c6e1848724b645c41352eb3d467dfdc9ac2005af
                                                                                                                                                                                  • Instruction ID: 4390463b8a05e0e4ffe4e17dba72ef4c141738dc59e6d79bd89975a2dd64bf3c
                                                                                                                                                                                  • Opcode Fuzzy Hash: 49588468f4a352f4693d4c90c6e1848724b645c41352eb3d467dfdc9ac2005af
                                                                                                                                                                                  • Instruction Fuzzy Hash: D341E473A19A114FD7188E798C5026BBA936BC5330F2AC73DE9B5D73D5DA7889028281
                                                                                                                                                                                  Function 0066F127 Relevance: .1, Instructions: 141COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: b1a26e890e7e7af280d6d9c9c1d0802a9288a079687e7636ccdfae66663b224e
                                                                                                                                                                                  • Instruction ID: 6926a99e686939486f6351d73b0e13edcdefb4fe47b434ab20f31b1141e714e3
                                                                                                                                                                                  • Opcode Fuzzy Hash: b1a26e890e7e7af280d6d9c9c1d0802a9288a079687e7636ccdfae66663b224e
                                                                                                                                                                                  • Instruction Fuzzy Hash: CC412379205245EBE7148B68ECD1BBAB3A7EB8A714F24853CE08597290CB70BD11CA45
                                                                                                                                                                                  Function 0043F040 Relevance: .1, Instructions: 138COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                  • Opcode ID: b9be30967082beee9c520deb51d9857500c34608bddb7789d066780181abbceb
                                                                                                                                                                                  • Instruction ID: d7b0e377107363a4bde1ea531ab8f4f052a45cc3a3bc63747b85af0ac1831aeb
                                                                                                                                                                                  • Opcode Fuzzy Hash: b9be30967082beee9c520deb51d9857500c34608bddb7789d066780181abbceb
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6F412475B05304EFE7148A19DDC0B3BB3A6EB8D718F24953DE0C5972A1CA78BC15C689
                                                                                                                                                                                  Function 0066F2A7 Relevance: .1, Instructions: 138COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 55bb4bda6fabbcca406025927716148b1444f8647d1b3e073d20ca231547fa20
                                                                                                                                                                                  • Instruction ID: e5173dc2b3c037c97ce914ec077f65c32b1b5b7872de44b7585a2353361a33e1
                                                                                                                                                                                  • Opcode Fuzzy Hash: 55bb4bda6fabbcca406025927716148b1444f8647d1b3e073d20ca231547fa20
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9841F275205305ABE3148B19ECC0FBAB3A7EB89718F28853CE185A7390CB70BC11C785
                                                                                                                                                                                  Function 0043B46A Relevance: .1, Instructions: 131COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 308b0e695bef76961bc0ed1455965661c2b88a6a61b052c21be965f0ad2b0062
                                                                                                                                                                                  • Instruction ID: 72068da91cc225693571a2d0bee7c3217557958dc373b5a5a21772a4d51bfb07
                                                                                                                                                                                  • Opcode Fuzzy Hash: 308b0e695bef76961bc0ed1455965661c2b88a6a61b052c21be965f0ad2b0062
                                                                                                                                                                                  • Instruction Fuzzy Hash: D74136B5E106029BCB08CF39EC611BDBBA2FB95300F18823DD402E7355EB38A555CB89
                                                                                                                                                                                  Function 0066B6D1 Relevance: .1, Instructions: 131COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 99473b45f3bd1f71c28f16b04a2f0fcafd297f22350cff4f36fc1fa1e5b92728
                                                                                                                                                                                  • Instruction ID: de3075be1d72e121a721a4ee1862b483b35338b99dee190a9cff30959f37ec90
                                                                                                                                                                                  • Opcode Fuzzy Hash: 99473b45f3bd1f71c28f16b04a2f0fcafd297f22350cff4f36fc1fa1e5b92728
                                                                                                                                                                                  • Instruction Fuzzy Hash: 914124B6E146029BCB08CF38DCA11BDBBB3FB95301F08822DE406E7755EB3595558B89
                                                                                                                                                                                  Function 00646E87 Relevance: .1, Instructions: 120COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 930ff314fe829c673409dd2c0c6ef812c6a89b6bd40871c393eebbfb35fb71af
                                                                                                                                                                                  • Instruction ID: 733a81bb79deaeafaab839d242b1d94f83bb015007c0c4d38df02cc25df16791
                                                                                                                                                                                  • Opcode Fuzzy Hash: 930ff314fe829c673409dd2c0c6ef812c6a89b6bd40871c393eebbfb35fb71af
                                                                                                                                                                                  • Instruction Fuzzy Hash: F0214CF56085019BD7688B20EC42B7A7793FB9B358F28847CF085D3251D7719C55CA1B
                                                                                                                                                                                  Function 006456CC Relevance: .1, Instructions: 100COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 116bb10cfc64c6b0dad3c8ec34eecdfdec0c3086f4f83d1027ed0d57ca51744b
                                                                                                                                                                                  • Instruction ID: 608f41fafe5b07a7780fb361881c5ff03996914d1edc62911f0e82ff578130df
                                                                                                                                                                                  • Opcode Fuzzy Hash: 116bb10cfc64c6b0dad3c8ec34eecdfdec0c3086f4f83d1027ed0d57ca51744b
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3B21AC38608A00EBE7588B14D892A7EB3A3FB97724F24D87CD48353613D6369C078F59
                                                                                                                                                                                  Function 00416D52 Relevance: .1, Instructions: 99COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: acfc468b7e43bb10b7ff0d0152cbb3a7f5b98f9e373c09cf49a125895592c8d8
                                                                                                                                                                                  • Instruction ID: 973eee2791ebfe2c201db5a32ccb4339f29592fdc2cee3d22bab1a54a7c8b2b4
                                                                                                                                                                                  • Opcode Fuzzy Hash: acfc468b7e43bb10b7ff0d0152cbb3a7f5b98f9e373c09cf49a125895592c8d8
                                                                                                                                                                                  • Instruction Fuzzy Hash: EF11DAB570C2018BD328CF25D8411677792FBDA359F2A857DC4C693311E638C896CB4E
                                                                                                                                                                                  Function 00654E37 Relevance: .1, Instructions: 99COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 8cf18ad63dcf79b04559163a19424cb3767ad7876812ef7a0082f33ed753e348
                                                                                                                                                                                  • Instruction ID: 0f53883b452ae5079a5a8d85e8e347df182c3183247868e1d3b02faa829aecfb
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8cf18ad63dcf79b04559163a19424cb3767ad7876812ef7a0082f33ed753e348
                                                                                                                                                                                  • Instruction Fuzzy Hash: CE213E37658B24C78328CB68D8D156EF293BBC9314F29563CD9E617793DA70AC054EC4
                                                                                                                                                                                  Function 00645407 Relevance: .1, Instructions: 98COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 710e7533e80d1d0810aeec89f7504200abcce8beb2742758e1c5bbb59c936eb8
                                                                                                                                                                                  • Instruction ID: 4fae0f9f91221a6e31fb0cdcd077ae94dbc7bf17cf16508f7ce19ca90ad02060
                                                                                                                                                                                  • Opcode Fuzzy Hash: 710e7533e80d1d0810aeec89f7504200abcce8beb2742758e1c5bbb59c936eb8
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6D210078609B48CFD7086F64D49197EB3A3FF96306F20182CD18317622D726AC56CE09
                                                                                                                                                                                  Function 00408A20 Relevance: .1, Instructions: 91COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 293d11ecb15a4287942a121f2196c36d4946016947497cfec40f8ac486ff9ff3
                                                                                                                                                                                  • Instruction ID: 4f1d71fb5aafb55bbb6ecf10704b10a6957184f282fc2a4d43332aeca18cb1f1
                                                                                                                                                                                  • Opcode Fuzzy Hash: 293d11ecb15a4287942a121f2196c36d4946016947497cfec40f8ac486ff9ff3
                                                                                                                                                                                  • Instruction Fuzzy Hash: D021FB77E619204BE310CD56CC803527796A7C9338F3EC6B8C9689B792D93BAD0386C4
                                                                                                                                                                                  Function 0043BCDB Relevance: .1, Instructions: 76COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: c22c82c6afaff4323aeddcf8a0b323081299386c62de936f749b2d5089645518
                                                                                                                                                                                  • Instruction ID: 44b108f5c51c809564f144fab21c768bc7a1147cc1edb25e7a74140109bb06bc
                                                                                                                                                                                  • Opcode Fuzzy Hash: c22c82c6afaff4323aeddcf8a0b323081299386c62de936f749b2d5089645518
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7C110676E146118BCB18CF69CC523BAB7B2EB99200F19D155C955A7348D73CA813CBD8
                                                                                                                                                                                  Function 00419605 Relevance: .1, Instructions: 76COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: da3fd8ae93b192c0f111e44c3c32af5bc5512243a4d820926447d60aa6e4e829
                                                                                                                                                                                  • Instruction ID: a757394a4cb749adef7bef0501ec20ad0054201719fad234ca00d19875ba6271
                                                                                                                                                                                  • Opcode Fuzzy Hash: da3fd8ae93b192c0f111e44c3c32af5bc5512243a4d820926447d60aa6e4e829
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7421D43660D3509BC7BA8B24D4A12EBB393BBC5715F19493EC48B63220CB358C82C789
                                                                                                                                                                                  Function 0066BF42 Relevance: .1, Instructions: 76COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: c22c82c6afaff4323aeddcf8a0b323081299386c62de936f749b2d5089645518
                                                                                                                                                                                  • Instruction ID: cd6686f35a91d4e41711c421ad463850842ab1c8a7037dbff5e8f85f7ea486b6
                                                                                                                                                                                  • Opcode Fuzzy Hash: c22c82c6afaff4323aeddcf8a0b323081299386c62de936f749b2d5089645518
                                                                                                                                                                                  • Instruction Fuzzy Hash: 01110376E54A11CBCB188F69C8512BAF7B3ABC6210B19C155C855A7308E738AC13CBD4
                                                                                                                                                                                  Function 006478F9 Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 6b1e25db6c88d9de49f5b493e95180b2d7ba1ca98a3f83d80d3b8168a2120858
                                                                                                                                                                                  • Instruction ID: af9b078f39166a7e5d046cec25fe7c9b83cf22ee5c6a78b4dbe607ecd8d277c2
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6b1e25db6c88d9de49f5b493e95180b2d7ba1ca98a3f83d80d3b8168a2120858
                                                                                                                                                                                  • Instruction Fuzzy Hash: F911E671C0C3918BD7168F658850766BFE2AFA3205F0845ADE4E16B293D6258505C7A6
                                                                                                                                                                                  Function 00428640 Relevance: .1, Instructions: 64COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 608dd701897513dd916dfbcb45b4996795ef9bc880f05c343f5b0976ad93ecef
                                                                                                                                                                                  • Instruction ID: f61ec92dad2fd4602637d309349e992f4572622f6c6272088c11177126769445
                                                                                                                                                                                  • Opcode Fuzzy Hash: 608dd701897513dd916dfbcb45b4996795ef9bc880f05c343f5b0976ad93ecef
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3D018039A0A6209BC7188F10E45153FF7B1EB9A714F55986DD58263252CB7CEC068B8A
                                                                                                                                                                                  Function 006588A7 Relevance: .1, Instructions: 64COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 51c98395a43bb148d150cc10aca9cb718eee83b6c2dfc6caa269148911366473
                                                                                                                                                                                  • Instruction ID: 192bb892ead7b00bf3e9d78d25a4b50756a75326a87182db4b700c127986fc56
                                                                                                                                                                                  • Opcode Fuzzy Hash: 51c98395a43bb148d150cc10aca9cb718eee83b6c2dfc6caa269148911366473
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1401963D909610EFCB094F14D44187AF7B2EB96715F15986CD48277752CB39EC0A8B8A
                                                                                                                                                                                  Function 00429DA0 Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 2e7b69c494abd83f6118a72f7de64ff912b6fa8dc0b82fccbac9464bcbb27eac
                                                                                                                                                                                  • Instruction ID: 98c5902008ec262a901b4120b44f5f9056f1ed7b7d2b9e352d563ad5ba31e3e8
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2e7b69c494abd83f6118a72f7de64ff912b6fa8dc0b82fccbac9464bcbb27eac
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4901B5F1B0031157DB20DE11E4C072BB2A86F95708F88003ED80857382EF79FC14D299
                                                                                                                                                                                  Function 0065A007 Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 86788fef5b11093d396d1c23c573a9fbe5bc69a7e68fa2a75242ffe8a2dfe7ab
                                                                                                                                                                                  • Instruction ID: c8cac00a8afe9a682e804eb12de909c8afc4ce09a1b65650439457741f0a96d7
                                                                                                                                                                                  • Opcode Fuzzy Hash: 86788fef5b11093d396d1c23c573a9fbe5bc69a7e68fa2a75242ffe8a2dfe7ab
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8001B1F1650B014BD730AEA184C0B77F2AA6F91709F08062CEC4947381DB76EC0986E6
                                                                                                                                                                                  Function 005D0083 Relevance: .1, Instructions: 61COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595867373.00000000005D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005D0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_5d0000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                                                                                                                                  • Instruction ID: c07855336fb2efb945f1dcff11dea3164f5ce7fa1295ea190285ac7b1a5b66a0
                                                                                                                                                                                  • Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                                                                                                                                  • Instruction Fuzzy Hash: A9117C72340100AFDB64DE59DCC5FA677EAFB89320F698066ED08CB356D676E842C760
                                                                                                                                                                                  Function 00655E4F Relevance: .1, Instructions: 58COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: f53ba6420f9f43fe9e0db5d36366ef6edcd796af54228b74a54863d83e8348a4
                                                                                                                                                                                  • Instruction ID: fde32b9a77681de732fd73fd529977a6424597c5938ec831dbdd9513a12d03ab
                                                                                                                                                                                  • Opcode Fuzzy Hash: f53ba6420f9f43fe9e0db5d36366ef6edcd796af54228b74a54863d83e8348a4
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1201047C6486009BE7289B14D8D18BAB7A3AF92306F44982CF49247663C675C809CB15
                                                                                                                                                                                  Function 00656ED0 Relevance: .0, Instructions: 48COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 11f8bbf734cf5a287c76ae8de7de0b824c6e7a31d5c82def3c58ba0426c33b91
                                                                                                                                                                                  • Instruction ID: 9192b4e6b4bfe0e6ea6de3649112705dfdd8b0a132f94a671e06197b206dbff6
                                                                                                                                                                                  • Opcode Fuzzy Hash: 11f8bbf734cf5a287c76ae8de7de0b824c6e7a31d5c82def3c58ba0426c33b91
                                                                                                                                                                                  • Instruction Fuzzy Hash: C7F0B4B46093E18BC727862D8020175FFE24F9B206F4884E8F8D19B382C2278C0AC761
                                                                                                                                                                                  Function 004146C0 Relevance: .0, Instructions: 47COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 7a984843b570b7378253929d1441754c9cdf9516a4ccd76f455c2bd59a9e2d53
                                                                                                                                                                                  • Instruction ID: bb4e2a52db73081763e4cc20a31c5bd5ee5cd117bafd3b88ef307c5ea5bcf149
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7a984843b570b7378253929d1441754c9cdf9516a4ccd76f455c2bd59a9e2d53
                                                                                                                                                                                  • Instruction Fuzzy Hash: DE01F27BA013028B8324CE9CC0D0AABB3B0FFD6794B2A445ED5805B3B0C7359C558224
                                                                                                                                                                                  Function 00644927 Relevance: .0, Instructions: 47COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 7a984843b570b7378253929d1441754c9cdf9516a4ccd76f455c2bd59a9e2d53
                                                                                                                                                                                  • Instruction ID: 1664dca5dce584cc9fb9b8d4bd05eab7842aee6603f68667de5808b2e120f7cc
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7a984843b570b7378253929d1441754c9cdf9516a4ccd76f455c2bd59a9e2d53
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6A01A267A013138B8324CE5CC4D16ABB3B1FF89B94B2A546DD5402B370DB729D159260
                                                                                                                                                                                  Function 00656155 Relevance: .0, Instructions: 46COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 1f833ac728eaa02a1bc5462d3afabdad92549209b647dc7f8cff3374a10af133
                                                                                                                                                                                  • Instruction ID: d37d65421b512c15463d4395620fa3d6bd9998b1816b207595fa0f7c5ca571a0
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1f833ac728eaa02a1bc5462d3afabdad92549209b647dc7f8cff3374a10af133
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6401247D5483108FD7248F25C8D14BAB3B2EF92306F48982CE8D203662C675C80ECB46
                                                                                                                                                                                  Function 00630D90 Relevance: .0, Instructions: 43COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                                                                                                                                                                  • Instruction ID: 4e22ff19d84ff57596d9aa5f73c4e7c363ef0844f3d0a7dee64623f48e534a4e
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0201A276B006048FEF21CF64C814BEA33EAFF86316F4544E5D90A97381E774A9498BD0
                                                                                                                                                                                  Function 006328EE Relevance: .0, Instructions: 34COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 8471ca61dec84cce03ebf3d692c7263c07cfd1a60fa468610ed0efeaf2eb68d9
                                                                                                                                                                                  • Instruction ID: d19c0d8fd2b68dc6fe47b8faa27b2d6b3a366d95b2a825d9db19ae269f5231ad
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8471ca61dec84cce03ebf3d692c7263c07cfd1a60fa468610ed0efeaf2eb68d9
                                                                                                                                                                                  • Instruction Fuzzy Hash: 78F05C322181424B8F288E5C48F03B9F3A30F97310F18816DD0D24725AC130D54AE6DC
                                                                                                                                                                                  Function 006496BE Relevance: .0, Instructions: 31COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: da0c50d66ddfded598c519d4c17e3581749aca29ae3bede9d2f214f3bf2e655c
                                                                                                                                                                                  • Instruction ID: f3903fc1868e8d0925c05a2b2afc88acf9d49a728d78eea62c8e96db7e17ae7c
                                                                                                                                                                                  • Opcode Fuzzy Hash: da0c50d66ddfded598c519d4c17e3581749aca29ae3bede9d2f214f3bf2e655c
                                                                                                                                                                                  • Instruction Fuzzy Hash: A6F0A0B190530AEFCF208F84C841AABBBB2FF8A750F048459F8898B320E331C951DB55
                                                                                                                                                                                  Function 0066D3C4 Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: bd50fc54169386f4dbfa7b269dc7ccc6cd1231e84d782bb37de4fc393b43472d
                                                                                                                                                                                  • Instruction ID: 208f5b9799af86ddf63ffa5a64644709595d29c801d9f5786d35319b588d347a
                                                                                                                                                                                  • Opcode Fuzzy Hash: bd50fc54169386f4dbfa7b269dc7ccc6cd1231e84d782bb37de4fc393b43472d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9ED0EA79A082018FC340DF08E880725B7B5AB8A210F25E469D888AB366D734E8569B49
                                                                                                                                                                                  Function 004210F3 Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: f605033f8a75f5b441b18b6f9fe9693a2b1c21f2820c23dcb107478b9488255e
                                                                                                                                                                                  • Instruction ID: 4fdb3731ec9b1575b7a6813feb3d46eefc33fa445370c85974d5c3868d714a98
                                                                                                                                                                                  • Opcode Fuzzy Hash: f605033f8a75f5b441b18b6f9fe9693a2b1c21f2820c23dcb107478b9488255e
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3FB092A9C0A81186D8112B113D035AAB0284E13218F082036E80632247BE2AF21A509F
                                                                                                                                                                                  Function 0065135A Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 0f0a2b79a0d167f751aeb354a5ab8faebfc7c47af379afde6a631db0257b4b82
                                                                                                                                                                                  • Instruction ID: 5d2bf1969892eb97e9ff419c217ca9c5ba568ae2e429cf07321b08a80d7a73d8
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0f0a2b79a0d167f751aeb354a5ab8faebfc7c47af379afde6a631db0257b4b82
                                                                                                                                                                                  • Instruction Fuzzy Hash: DCB092B1CC2E108E92512B112D039EBF02A4D93310F052434F80623205BA17E31A40DF
                                                                                                                                                                                  Function 00647CBD Relevance: .0, Instructions: 7COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: b49518c04e122dcdbd1440b5e1b8cc74ac51adac86039ee585854a115eb5c69f
                                                                                                                                                                                  • Instruction ID: 87af20a7c6acb7e062c104b5a8364b663eb83d0cde599457eee03b459e607602
                                                                                                                                                                                  • Opcode Fuzzy Hash: b49518c04e122dcdbd1440b5e1b8cc74ac51adac86039ee585854a115eb5c69f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 26B0123080B19CCEC3040F305018039FA716D43303F0070A0E0C4B3010C771C501DA0D
                                                                                                                                                                                  Function 0065512E Relevance: .0, Instructions: 6COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 5e7eb558898400517038e976b9f487ec8765be24b758d8fd7744e25e455571e2
                                                                                                                                                                                  • Instruction ID: 1e520112adf2d45bbafe3fe049392336ef83327a6f7a3eea7fa973bf7f48e926
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5e7eb558898400517038e976b9f487ec8765be24b758d8fd7744e25e455571e2
                                                                                                                                                                                  • Instruction Fuzzy Hash: 20900224D495008785008F149440470E278A30B111F1035519008F7022C750D840490D
                                                                                                                                                                                  Function 004234B7 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 246COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595752443.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1595752443.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_1.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: DrivesLogical
                                                                                                                                                                                  • String ID: H:B$pz$pz$uw$xs
                                                                                                                                                                                  • API String ID: 999431828-1762182995
                                                                                                                                                                                  • Opcode ID: 94aecc126de4fbd565a8a496ba90aa3e3c1d7c21f249c31cbc6cfd6f8d21798b
                                                                                                                                                                                  • Instruction ID: a8d23ff692b1174eb06db715e9a28044fd6105134fdaffa46370887a1062778d
                                                                                                                                                                                  • Opcode Fuzzy Hash: 94aecc126de4fbd565a8a496ba90aa3e3c1d7c21f249c31cbc6cfd6f8d21798b
                                                                                                                                                                                  • Instruction Fuzzy Hash: 718104B9E01216CFDB14CF64E8916AABB70FF1A304B4991A8D445AF322D738D981CFC5
                                                                                                                                                                                  Function 0065371E Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 124COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1595932109.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_1.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: DrivesLogical
                                                                                                                                                                                  • String ID: uw$xs
                                                                                                                                                                                  • API String ID: 999431828-3936089760
                                                                                                                                                                                  • Opcode ID: 8bab48c271bd3aa737ee4b094a51aed7c3ae265ac3e9247cfb716da66698cb7e
                                                                                                                                                                                  • Instruction ID: 04ec37f8e62e662ec1ff28a6db86dc94240c060da9b04a969b11c7bc713031b6
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8bab48c271bd3aa737ee4b094a51aed7c3ae265ac3e9247cfb716da66698cb7e
                                                                                                                                                                                  • Instruction Fuzzy Hash: BE31FEF5A112178BDB18DF68C8916AAFB71FF16381B046298E4469F752E734C9C1CBC4